Zhen Liu,Zhenfu Cao,Duncan S. Wong

DOI: https://doi.org/10.1145/2508859.2516683

2013-01-01

Abstract:In the context of Ciphertext-Policy Attribute-Based Encryption (CP-ABE), if a decryption device associated with an attribute set S_D appears on eBay, and is alleged to be able to decrypt any ciphertexts with policies satisfied by S_D, no one including the CP-ABE authorities can identify the malicious user(s) who build such a decryption device using their key(s). This has been known as a major practicality concern in CP-ABE applications, for example, providing fine-grained access control on encrypted data. Due to the nature of CP-ABE, users get decryption keys from authorities associated with attribute sets. If there exists two or more users with attribute sets being the supersets of S_D, existing CP-ABE schemes cannot distinguish which user is the malicious one who builds and sells such a decryption device. In this paper, we extend the notion of CP-ABE to support Blackbox Traceability and propose a concrete scheme which is able to identify a user whose key has been used in building a decryption device from multiple users whose keys associated with the attribute sets which are all the supersets of S_D. The scheme is efficient with sub-linear overhead and when compared with the very recent (non-traceable) CP-ABE scheme due to Lewko and Waters in Crypto 2012, we can consider this new scheme as an extension with the property of fully collusion-resistant blackbox traceability added, i.e. an adversary can access an arbitrary number of keys when building a decryption device while the new tracing algorithm can still identify at least one particular key which must have been used for building the underlying decryption device. We show that this new scheme is secure against adaptive adversaries in the standard model, and is highly expressive by supporting any monotonic access structures. Its additional traceability property is also proven against adaptive adversaries in the standard model. As of independent interest, in this paper, we also consider another scenario which we call it "found-in-the-wild". In this scenario, a decryption device is found, for example, from a black market, and reported to an authority (e.g. a law enforcement agency). The decryption device is found to be able to decrypt ciphertexts with certain policy, say A, while the associated attribute set S_D is missing. In this found-in-the-wild scenario, we show that the Blackbox Traceable CP-ABE scheme proposed in this paper can still be able to find the malicious users whose keys have been used for building the decryption device, and our scheme can achieve selective traceability in the standard model under this scenario.

Zhen Liu,Zhenfu Cao,Duncan S. Wong

DOI: https://doi.org/10.1109/tifs.2014.2363562

IF: 7.231

2015-01-01

IEEE Transactions on Information Forensics and Security

Abstract:In Ciphertext-policy attribute-based encryption (CP-ABE), ciphertexts are associated with access policies, which do not have to contain the identities of eligible receivers, and attributes are shared by multiple users. CP-ABE is useful for providing fine-grained access control on encrypted data. However, it also has a practicality concern that a malicious user, with his attributes shared with other users, might leak his decryption privilege as a decryption blackbox, for some financial gain or other incentives, as there is little risk of getting caught. There are two types of decryption blackboxes that reflect different practical scenarios. A key-like decryption blackbox is associated with an attribute set S-D and can decrypt ciphertexts with access policies satisfied by S-D. A policy-specific decryption blackbox is associated with an access policy A(D) and can decrypt ciphertexts with A(D). Policy-specific decryption blackbox has weaker decryption capacity than key-like decryption blackbox, but tracing it is deemed to be more difficult. In the preliminary version (in CCS 2013) of this paper, we proposed a new CP-ABE scheme which is adaptively traceable against key-like decryption blackbox. The scheme has sublinear overhead, which is the most efficient one to date supporting fully collusion-resistant blackbox traceability. The scheme is fully secure in the standard model, and supports any monotonic access structures. In this paper, we further show that the scheme is also selectively traceable against policy-specific decryption blackbox. Furthermore, and more importantly, we prove a general statement that if a CP-ABE scheme is (selectively) traceable against policy-specific decryption blackbox, it is also (selectively) traceable against key-like decryption blackbox, which implies that we now only need to focus on building CP-ABE schemes which are traceable against policy-specific decryption blackbox.

Jianting Ning,Zhenfu Cao,Xiaolei Dong,Lifei Wei

DOI: https://doi.org/10.1109/tdsc.2016.2608343

2016-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Ciphertext-policy attribute-based encryption (CP-ABE) has been proposed to enable fine-grained access control on encrypted data for cloud storage service. In the context of CP-ABE, since the decryption privilege is shared by multiple users who have the same attributes, it is difficult to identify the original key owner when given an exposed key. This leaves the malicious cloud users a chance to leak their access credentials to outsourced data in clouds for profits without the risk of being caught, which severely damages data security. To address this problem, we add the property of traceability to the conventional CP-ABE. To catch people leaking their access credentials to outsourced data in clouds for profits effectively, in this paper, we first propose two kinds of non-interactive commitments for traitor tracing. Then we present a fully secure traceable CP-ABE system for cloud storage service from the proposed commitment. Our proposed commitments for traitor tracing may be of independent interest, as they are both pairing-friendly and homomorphic. We also provide extensive experimental results to confirm the feasibility and efficiency of the proposed solution.

Jianting Ning,Xiaolei Dong,Zhenfu Cao,Lifei Wei,Xiaodong Lin

DOI: https://doi.org/10.1109/tifs.2015.2405905

IF: 7.231

2015-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Ciphertext-policy attribute-based encryption (CP-ABE) enables fine-grained access control to the encrypted data for commercial applications. There has been significant progress in CP-ABE over the recent years because of two properties called traceability and large universe, greatly enriching the commercial applications of CP-ABE. Traceability is the ability of ABE to trace the malicious users or traitors who intentionally leak the partial or modified decryption keys for profits. Nevertheless, due to the nature of CP-ABE, it is difficult to identify the original key owner from an exposed key since the decryption privilege is shared by multiple users who have the same attributes. On the other hand, the property of large universe in ABE enlarges the practical applications by supporting flexible number of attributes. Several systems have been proposed to obtain either of the above properties. However, none of them achieve the two properties simultaneously in practice, which limits the commercial applications of CP-ABE to a certain extent. In this paper, we propose two practical large universe CP-ABE systems supporting white-box traceability. Compared with existing systems, both the two proposed systems have two advantages: 1) the number of attributes is not polynomially bounded and 2) malicious users who leak their decryption keys could be traced. Moreover, another remarkable advantage of the second proposed system is that the storage overhead for traitor tracing is constant, which are suitable for commercial applications.

Zhen Liu,Duncan S. Wong

DOI: https://doi.org/10.1007/978-3-319-28166-7_7

2015-01-01

Abstract:In Ciphertext-Policy Attribute-Based Encryption (CP-ABE), a user’s decryption key is associated with attributes which in general are not related to the user’s identity, and the same set of attributes could be shared between multiple users. From the decryption key, if the user created a decryption blackbox for sale, this malicious user could be difficult to identify from the blackbox. Hence in practice, a useful CP-ABE scheme should have some tracing mechanism to identify this ‘traitor’ from the blackbox. In addition, being able to revoke compromised keys is also an important step towards practicality, and for scalability, the scheme should support an exponentially large number of attributes. However, none of the existing traceable CP-ABE schemes simultaneously supports revocation and large attribute universe. In this paper, we construct the first practical CP-ABE which possesses these three important properties: (1) blackbox traceability, (2) revocation, and (3) supporting large universe. This new scheme achieves the fully collusion-resistant blackbox traceability, and when compared with the latest fully collusion-resistant blackbox traceable CP-ABE schemes, this new scheme achieves the same efficiency level, enjoying the sub-linear overhead of (O(sqrt{N})), where N is the number of users in the system, and attains the same security level, namely, the fully collusion-resistant traceability against policy-specific decryption blackbox, which is proven in the standard model with selective adversaries. The scheme supports large attribute universe, and attributes do not need to be pre-specified during the system setup. In addition, the scheme supports revocation while keeping the appealing capability of conventional CP-ABE, i.e. it is highly expressive and can take any monotonic access structures as ciphertext policies.

Jianting Ning,Zhenfu Cao,Xiaolei Dong,Lifei Wei

DOI: https://doi.org/10.1007/s11432-016-0062-7

2016-01-01

Science China Information Sciences

Abstract:>Dear editor,As a sophisticated mechanism for secure finegrained access control on encrypted data,Ciphertext-policy attribute-based encryption(CPABE)is a highly promising solution for commercial applications such as cloud computing and social networks.However,there exists an important and practical issue in current CP-ABE systems awaiting to solve.As a one-to-many encryption mechanism,the same ciphertexts will

Jianting Ning,Zhenfu Cao,Xiaolei Dong,Lifei Wei,Xiaodong Lin

DOI: https://doi.org/10.1007/978-3-319-11212-1_4

2014-01-01

Abstract:A Ciphertext-Policy Attribute-Based Encryption (CP-ABE) system extracts the decryption keys over attributes shared by multiple users. It brings plenty of advantages in ABE applications. CP-ABE enables fine-grained access control to the encrypted data for commercial applications. There has been significant progress in CP-ABE over the recent years because of two properties called traceability and large universe , greatly enriching the commercial applications of CP-ABE. Traceability is the ability of ABE to track the malicious users or traitors who intentionally leak the partial or modified decryption keys to others for profits. Nevertheless, due to the nature of CP-ABE, it is difficult to identify the original key owner from an exposed key since the decryption privilege is shared by multiple users who have the same attributes. On the other hand, the property of large universe in ABE proposed by Lewko and Waters enlarges the practical applications by supporting flexible number of attributes. Several systems have been proposed to obtain either of the above properties. However, none of them achieve the two properties simultaneously in practice, which limits the commercial applications of CP-ABE to a certain extent. In this paper, we propose a practical large universe CP-ABE system supporting white-box traceability, which is suitable for commercial applications. Compared to existing systems, our new system has three advantages: (1) The number of attributes is not polynomially bounded; (2) Malicious users who leak their decryption keys could be traced; and, (3) The storage overhead for traitor tracing is constant. We also prove the selective security of our new system in the standard model under “ q -type” assumption.

Zechao Liu,Xuan Wang,Lei Cui,Zoe L. Jiang,Chunkai Zhang

DOI: https://doi.org/10.1109/spac.2017.8304334

2017-01-01

Abstract:Ciphertext policy attribute-based encryption (CP-ABE) is a promising technology that offers fine-grained access control over encrypted data. In a CP-ABE scheme, any user can decrypt the ciphertext using his secret key if his attributes satisfy the access policy embedded in the ciphertext. Since the same ciphertext can be decrypted by multiple users with their own keys, the malicious users may intentionally leak their decryption keys for financial profits. So how to trace the malicious users becomes an important issue in a CP-ABE scheme. In addition, from the practical point of view, users may leave the system due to resignation or dismissal. So user revocation is another hot issue that should be solved. In this paper, we propose a practical CP-ABE scheme. On the one hand, our scheme has the properties of traceability and large universe. On the other hand, our scheme can solve the dynamic issue of user revocation. The proposed scheme is proved selectively secure in the standard model.

Zhang Ruoqing,Hui Lucas,Yiu Sm,Yu Xiaoqi,Liu Zechao,Zoe L. Jiang

DOI: https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.259

2017-01-01

Abstract:Ciphertext-Policy Attribute-based Encryption (CP-ABE) is a useful cryptographic scheme and is being considered for cloud application as more and more users leverage cloud platforms to store and process their data. However, existing CP-ABE schemes still have a number of limitations that make it not effective to be used in a practical application. Firstly, the size of the ciphertext and the time for decryption grow with the complexity of the access formula. This efficiency issue becomes a problem when using a cloudplatform and mobile devices with limited processing capacity. Secondly, in reality, the attributes of users may be changed from time to time, or some users may eventually leave the system due to resignation. This practical concern requires a scheme with flexible and fine-grained revocation optionsupporting attribute-level changes. Lastly, traceability is also an important feature to track potential traitors who leak the partial decryption keys if ABE is used in a real scenario. None of the existing CP-ABE schemes are able to satisfy these three properties simultaneously. In this paper, we propose apractical CP-ABE that can achieve all three requirements. Our system adopts techniques on secure outsourcing of pairings to support efficient outsourcing computation and makes use of a subset cover algorithm to meet the requirements of revocation and traceability. Our scheme is proved to be a selectively replayable chosen-ciphertext attack (RCCA) secure in random oracle model. The result of our work could provide a feasible, reliable and practical CP-ABE scheme for the realistic application.

Xiaoyi Li,Kaitai Liang,Zhen Liu,Duncan Wong

DOI: https://doi.org/10.5220/0006220203090320

2016-01-01

Abstract:A Ciphertext-Policy Attribute-Based Encryption (CP-ABE) allows users to specify the access policies without having to know the identities of users. In this paper, we contribute by proposing an ABE scheme which enables revoking corrupted users. Given a key-like blackbox, our system can identify at least one of the users whose key must have been used to construct the blackbox and can revoke the key from the system. This paper extends the work of Liu and Wong to achieve traitor revocability. We construct an Augmented Revocable CP-ABE (AugR-CP-ABE) scheme, and describe its security by message-hiding and index-hiding games. Then we prove that an AugR-CP-ABE scheme with message-hiding and index-hiding properties can be transferred to a secure Revocable CP-ABE with fully collusion-resistant blackbox traceability. In the proof for index-hiding, we divide the adversary's behaviors in two ways and build direct reductions that use adversary to solve the D3DH problem. Our scheme achieves the sub-linear overhead of O(root N), where N is the number of users in the system. This scheme is highly expressive and can take any monotonic access structures as ciphertext policies.

Zhen Liu,Duncan S. Wong

DOI: https://doi.org/10.1007/978-3-319-29814-6_10

2015-01-01

Abstract:In Ciphertext-Policy Attribute-Based Encryption (CP-ABE), access policies associated with the ciphertexts are generally role-based and the attributes satisfying the policies are generally shared by multiple users. If a malicious user, with his attributes shared with multiple other users, created a decryption blackbox for sale, this malicious user could be difficult to identify from the blackbox. Hence in practice, a useful CP-ABE scheme should have some tracing mechanism to identify this ‘traitor’ from the blackbox. In this paper, we propose the first CP-ABE scheme which simultaneously achieves (1) fully collusion-resistant blackbox traceability in the standard model, (2) full security in the standard model, and (3) on prime order groups. When compared with the latest fully collusion-resistant blackbox traceable CP-ABE schemes, this new scheme achieves the same efficiency level, enjoying the sub-linear overhead of (O(sqrt{N})), where N is the number of users in the system. This new scheme is highly expressive and can take any monotonic access structures as ciphertext policies.

Zhen Liu,Qiong Huang,Duncan S. Wong

DOI: https://doi.org/10.1093/comjnl/bxaa082

2020-01-01

The Computer Journal

Abstract:Attribute-based encryption (ABE) is a versatile one-to-many encryption primitive, which enables fine-grained access control over encrypted data. Due to its promising applications in practice, ABE schemes with high efficiency, security and expressivity have been continuously emerging. On the other hand, due to the nature of ABE, a malicious user may abuse its decryption privilege. Therefore, being able to identify such a malicious user is crucial towards the practicality of ABE. Although some specific ABE schemes in the literature enjoys the tracing function, they are only proceeded case by case. Most of the ABE schemes do not support traceability. It is thus meaningful and important to have a generic way of equipping any ABE scheme with traceability. In this work, we partially solve the aforementioned problem. Namely, we propose a way of transforming (non-traceable) ABE schemes satisfying certain requirements to fully collusion-resistant black-box traceable ABE schemes, which adds only $O(\sqrt{\mathcal{K}})$ elements to the ciphertext where ${\mathcal{K}}$ is the number of users in the system. And to demonstrate the practicability of our transformation, we show how to convert a couple of existing non-traceable ABE schemes to support traceability.

Xing Zhang,Cancan Jin,Cong Li,Zilong Wen,Qingni Shen,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1007/978-3-319-28865-9_27

2015-01-01

Abstract:To ensure the security of sensitive data, people need to encrypt them before uploading them to the public storage. Attribute-based encryption (ABE) is a promising cryptographic primitive for fine-grained sharing of encrypted data. However, ABE lacks user and authority accountability. The user can share his/her secret key without being identified, while key generation center (KGC) can generate any user’s secret key. In this paper, we propose a practical large universe ciphertext-policy ABE (CP-ABE) with user and authority accountability in the white-box model. As embedding the user’s identity information into this user’s secret key directly, the trace stage has only O(1) time overhead. The property of accountability is proved against the dishonest user and KGC in the standard model. We implement our scheme in Charm. Experiments show that CP-ABE of Rouselakis and Waters in CCS 2013 is enhanced in user and authority accountability by our method with small computational cost.

Xingbing Fu,Xuyun Nie,Fagen Li

DOI: https://doi.org/10.3390/info6030481

2015-01-01

Information

Abstract:In the existing attribute-based encryption (ABE) scheme, the authority (i. e., private key generator (PKG)) is able to calculate and issue any user's private key, which makes it completely trusted, which severely influences the applications of the ABE scheme. To mitigate this problem, we propose the black box traceable ciphertext policy attribute-based encryption (T-CP-ABE) scheme in which if the PKG re-distributes the users' private keys for malicious uses, it might be caught and sued. We provide a construction to realize the T-CP-ABE scheme in a black box model. Our scheme is based on the decisional bilinear Diffie-Hellman (DBDH) assumption in the standard model. In our scheme, we employ a pair (ID, S) to identify a user, where ID denotes the identity of a user and S denotes the attribute set associated with her.

Zhen Liu,Zhenfu Cao,Duncan S. Wong

DOI: https://doi.org/10.1007/978-3-319-16745-9_22

2015-01-01

Abstract:Recently a series of expressive, secure and efficient Attribute-Based Encryption (ABE) schemes, both inkey-policy flavor and ciphertext-policy flavor, have been proposed. However, before being applied into practice, these systems have to attain traceability of malicious users. As the decryption privilege of a decryption key in Key-Policy ABE (resp. Ciphertext-Policy ABE) may be shared by multiple users who own the same access policy (resp. attribute set), malicious users might tempt to leak their decryption privileges to third parties, for financial gain as an example, if there is no tracing mechanism for tracking them down. In this work we study the traceability notion in the setting of Key-Policy ABE, and formalize Key-Policy ABE supporting fully collusion-resistant blackbox traceability. An adversary is allowed to access an arbitrary number of keys of its own choice when building a decryption-device, and given such a decryption-device while the underlying decryption algorithm or key may not be given, a blackbox tracing algorithm can find out at least one of the malicious users whose keys have been used for building the decryption-device. We propose a construction, which supports both fully collusion-resistant blackbox traceability and high expressivity (i.e. supporting any monotonic access structures). The construction is fully secure in the standard model (i.e. it achieves the best security level that the conventional non-traceable ABE systems do to date), and is efficient that the fully collusion-resistant blackbox traceability is attained at the price of making ciphertexts grow only sub-linearly in the number of users in the system, which is the most efficient level to date.

Zhen Liu,Zhenfu Cao,Duncan S. Wong

DOI: https://doi.org/10.1109/tifs.2012.2223683

IF: 7.231

2012-01-01

IEEE Transactions on Information Forensics and Security

Abstract:In a ciphertext-policy attribute-based encryption (CP-ABE) system, decryption keys are defined over attributes shared by multiple users. Given a decryption key, it may not be always possible to trace to the original key owner. As a decryption privilege could be possessed by multiple users who own the same set of attributes, malicious users might be tempted to leak their decryption privileges to some third parties, for financial gain as an example, without the risk of being caught. This problem severely limits the applications of CP-ABE. Several traceable CP-ABE (T-CP-ABE) systems have been proposed to address this problem, but the expressiveness of policies in those systems is limited where only and gate with wildcard is currently supported. In this paper we propose a new T-CP-ABE system that supports policies expressed in any monotone access structures. Also, the proposed system is as efficient and secure as one of the best (non-traceable) CP-ABE systems currently available, that is, this work adds traceability to an existing expressive, efficient, and secure CP-ABE scheme without weakening its security or setting any particular trade-off on its performance.

Zhen Liu,Duncan S. Wong

DOI: https://doi.org/10.1093/comjnl/bxv101

2015-01-01

Abstract:A blackbox traceable Attribute-Based Encryption (ABE) can identify a malicious user called traitor, which created a decryption box with respect to an attribute set (respectively, access policy), out of all the users who share the same attribute set (respectively, access policy). However, none of the existing traceable ABE schemes can also support revocation and large attribute universe, that is, being able to revoke compromised keys, and can take an exponentially large number of attributes. In this paper, we formalize the definitions and security models, and propose constructions of both Ciphertext-Policy ABE and Key-Policy ABE that support (i) public and fully collusion-resistant blackbox traceability, (ii) revocation, (iii) large universe and (iv) any monotonic access structures as policies (i.e. high expressivity). We also show that the schemes are secure and blackbox traceable in the standard model against selective adversaries.

Zhang Wei,Zhang Zhishuo,Xiong Hu,Qin Zhiguang

DOI: https://doi.org/10.1007/s12652-021-02922-6

2021-01-01

Abstract:In recent years, attribute-based encryption (ABE) provides a new idea to help researchers solving the problem of data privacy protection in cloud. But there are two issues in traditional ABE, the first issue is that the attributes in the access structures will be sent to users in cleartext together with the ciphertext. So a attacker has the opportunity to obtain some of the private information from the plaintext access structure. And the other issue is the traditional ABE scheme cannot revoke the users' illegal keys in an efficient way. To handle both of the above challenges, we come up with a large universe ciphertext-policy ABE (CP-ABE) scheme which supports partially hidden access structures (PHAS) and highly efficient key revocation at the same time in this paper. What's more, unlike most previous schemes, first our access structure is based on the expressive linear secret sharing scheme (LSSS) which supports both AND and OR gates in access formulas and second our scheme is built from the prime-order bilinear pairing groups. The comparison with other relevant works presents that our scheme is more comprehensive and efficient. Finally we rigorously prove and analyze that our scheme is selectively indistinguishable secure under chosen plaintext attacks (IND-CPA) in the random oracle model (ROM) and our access structure is really anonymous against off-line dictionary attacks.

Jingwei Wang,Xinchun Yin,Jianting Ning,Geong Sen Poh

DOI: https://doi.org/10.1007/978-3-030-14234-6_26

2018-01-01

Abstract:Ciphertext policy attribute-based encryption (CP-ABE) is a promising cryptographic technology and a key component that enable secure data sharing in a cloud environment through fine-grained access control. Since it was introduced, many interesting schemes have been proposed. However, in addition to managing data sharing through access control, a comprehensive scheme should also cater for user revocation and ciphertext queries. This is because in a cloud environment new users may join while existing users may leave the system. At the same time, given the potentially large amount of data stored in a cloud storage, user should be able to retrieve the required files efficiently in a privacy-preserving manner. To address the above issue, in this paper, we propose a practical searchable CP-ABE scheme supporting user revocation. In contrast to existing schemes that provide only single keyword query, our efficient search function provides conjunctive search, which allows user to locate a ciphertext related to a set of keywords. The computation overhead of our user revocation is at least on par with existing schemes. Besides, the security analysis indicates that the proposed scheme is secure under the decisional Bilinear Diffie-Hellman assumption. We also provide extensive experimental results to confirm the efficiency and feasibility of our proposed construction.

Jin Li,Kui Ren,Bo Zhu,Zhiguo Wan

DOI: https://doi.org/10.1007/978-3-642-04474-8_28

2009-01-01

Abstract:As a new public key primitive, attribute-based encryption (ABE) is envisioned to be a promising tool for implementing fine-grained access control. To further address the concern of user access privacy, privacy-aware ABE schemes are being developed to achieve hidden access policy recently. For the purpose of secure access control, there is, how- ever, still one critical functionality missing in the existing ABE schemes, which is user accountability. Currently, no ABE scheme can completely prevent the problem of illegal key sharing among users. In this paper, we tackle this problem by firstly proposing the notion of accountable, anony- mous, and ciphertext-policy ABE (CP-A 3 BE, in short) and then giving out a concrete construction. We start by improving the state-of-the-art of anonymous CP-ABE to obtain shorter public parameters and ciphertext length. In the proposed CP-A 3 BE construction, user accountability can be achieved in black-box model by embedding additional user-specific information into the attribute private key issued to that user, while still maintaining hidden access policy. The proposed constructions are prov- ably secure.