Nyamsuren Vaanchig,Wei Chen,Zhiguang Qin

DOI: https://doi.org/10.11989/jest.1674-862x.5121616

2017-01-01

Journal of Electronic Science and Technology

Abstract:Nowadays, there is the tendency to outsource data to cloud storage servers for data sharing purposes. In fact, this makes access control for the outsourced data a challenging issue. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic solution for this challenge. It gives the data owner (DO) direct control on access policy and enforces the access policy cryptographically. However, the practical application of CP-ABE in the data sharing service also has its own inherent challenge with regard to attribute revocation. To address this challenge, we proposed an attribute-revocable CP-ABE scheme by taking advantages of the over-encryption mechanism and CP-ABE scheme and by considering the semi-trusted cloud service provider (CSP) that participates in decryption processes to issue decryption tokens for authorized users. We further presented the security and performance analysis in order to assess the effectiveness of the scheme. As compared with the existing attribute-revocable CP-ABE schemes, our attribute-revocable scheme is reasonably efficient and more secure to enable attribute-based access control over the outsourced data in the cloud data sharing service.

Nyamsuren Vaanchig,Wei Chen,Zhiguang Qin

DOI: https://doi.org/10.14257/ijsia.2016.10.10.27

2016-01-01

International Journal of Security and Its Applications

Abstract:Nowadays, more and more users outsource their data to third party cloud storage servers for the purpose of sharing, so cloud data sharing becomes one of the popular services offered by cloud service providers. However, the third party storage servers in cloud data sharing systems, which are not fully trusted by data owners, make access control to the shared data a challenging issue. Although Ciphertext-Policy AttributeBased Encryption (CP-ABE) is an emerging cryptographic solution for this issue, dealing with dynamic changes to users' access privileges (attribute revocation) in its practical applications as cloud data sharing systems is a real challenge. To overcome this challenge, we propose a fine-grained access control scheme for cloud data sharing systems by designing secure and efficient attribute-revocable CP-ABE scheme. Our scheme only allows non-revoked users in the attribute group to update their secret key by themselves using their unique key-update keys and the ciphertexts are updated by minimally trusted cloud server using a ciphertext-update key. Compared with the existing access controls achieved by attribute-revocable CP-ABE schemes, our proposed access control scheme reduces the trust degree of the cloud server in the attribute revocation mechanism. Furthermore, the analysis indicates that our access control scheme is more secure and efficient to apply to practical scenarios.

Peng Zhang,Zehong Chen,Kaitai Liang,Shulan Wang,Ting Wang

DOI: https://doi.org/10.1007/978-3-319-40253-6_32

2016-01-01

Abstract:Ciphertext-policy attribute-based encryption (CP-ABE) is a well-known cryptographic technology for guaranteeing data confidentiality but also fine-grained data access control. It enables data owners to define flexible access policy for cloud-based data sharing. However, the user revocation and attribute update problems existing in CP-ABE systems that are long-standing unsolved in the literature. In this paper, we propose the first access control (CP-ABE) scheme supporting user revocability and attribute update. Specifically, the user revocation is defined in the identity-based setting that does not conflict our attribute-based design. The cost brought by attribute update is efficient in the sense that we only concentrate on the update of the ciphertexts associated with the corresponding updated attribute. Moreover, the security analysis shows that the proposed scheme is secure under the decisional Bilinear DiffieHellman assumption.

Xingxing Xie,Hua Ma,Jin Li,Xiaofeng Chen

DOI: https://doi.org/10.3217/jucs-019-16-2349

2013-01-01

Abstract:Attribute-Based Encryption (ABE) is one of the new visions for fine- grained access control in cloud computing. Plenty of research work has been done in both academic and industrial communities. However, before ABE can be deployed in data outsourcing systems, efficient enforcement of authorization policies and policy updates are the main obstacles. Therefore, in order to solve this problem, efficient and secure attribute and user revocation should be proposed in original ABE scheme, which is still a challenge in existing work. In this paper, we propose a new ciphertext-policy ABE (CP-ABE) construction with efficient attribute and user revocation, which largely eliminates the overhead computation at data service manager and data owner. Besides, we present an efficient access control mechanism based on the CP-ABE construction with one outsourcing computation service provider.

Xiong Wang,Yaping Chi,Yang Zhang

DOI: https://doi.org/10.1109/iccea50009.2020.00026

2020-01-01

Abstract:Ciphertext policy Attribute-based encryption (CPABE) plays an increasingly important role in the field of fine-grained access control for cloud storage. However, The exiting solution can not balance the issue of user identity tracking and user revocation. In this paper, we propose a CP-ABE scheme that supports association revocation and traceability. This scheme uses identity directory technology to realize single user revocation and associated user revocation, and the ciphertext re-encryption technology guarantees the forward security of revocation without updating the private key. In addition, we can accurately trace the identity of the user according to the decryption private key and effectively solve the problem of key abuse. This scheme is proved to be safe and traceable under the standard model, and can effectively control the computational and storage costs while maintaining functional advantages. It is suitable for the practical scenarios of tracking audit and user revocation.

Xingxing Xie,Hua Ma,Jin Li,Xiaofeng Chen

DOI: https://doi.org/10.1007/978-3-642-36818-9_41

2013-01-01

Abstract:Attribute-Based Encryption (ABE) is one of the promising cryptographic primitives for fine-grained access control of shared outsourced data in cloud computing. However, before ABE can be deployed in data outsourcing systems, it has to provide efficient enforcement of authorization policies and policy updates. However, in order to tackle this issue, efficient and secure attribute and user revocation should be supported in original ABE scheme, which is still a challenge in existing work. In this paper, we propose a new ciphertext-policy ABE (CP-ABE) construction with efficient attribute and user revocation. Besides, an efficient access control mechanism is given based on the CP-ABE construction with an outsourcing computation service provider.

Kan Yang,Xiaohua Jia,Kui Ren

DOI: https://doi.org/10.1145/2484313.2484383

2013-01-01

Abstract:A cloud storage service allows data owner to outsource their data to the cloud and through which provide the data access to the users. Because the cloud server and the data owner are not in the same trust domain, the semi-trusted cloud server cannot be relied to enforce the access policy. To address this challenge, traditional methods usually require the data owner to encrypt the data and deliver decryption keys to authorized users. These methods, however, normally involve complicated key management and high overhead on data owner. In this paper, we design an access control framework for cloud storage systems that achieves fine-grained access control based on an adapted Ciphertext-Policy Attribute-based Encryption (CP-ABE) approach. In the proposed scheme, an efficient attribute revocation method is proposed to cope with the dynamic changes of users' access privileges in large-scale systems. The analysis shows that the proposed access control scheme is provably secure in the random oracle model and efficient to be applied into practice.

Shucheng Yu,Cong Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1145/1755688.1755720

2010-01-01

Abstract:Ciphertext-Policy Attribute Based Encryption (CP-ABE) is a promising cryptographic primitive for fine-grained access control of shared data. In CP-ABE, each user is associated with a set of attributes and data are encrypted with access structures on attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the ciphertext access structure. Beside this basic property, practical applications usually have other requirements. In this paper we focus on an important issue of attribute revocation which is cumbersome for CP-ABE schemes. In particular, we resolve this challenging issue by considering more practical scenarios in which semi-trustable on-line proxy servers are available. As compared to existing schemes, our proposed solution enables the authority to revoke user attributes with minimal effort. We achieve this by uniquely integrating the technique of proxy re-encryption with CP-ABE, and enable the authority to delegate most of laborious tasks to proxy servers. Formal analysis shows that our proposed scheme is provably secure against chosen ciphertext attacks. In addition, we show that our technique can also be applicable to the Key-Policy Attribute Based Encryption (KP-ABE) counterpart.

Yinghui Zhang,Xiaofeng Chen,Jin Li,Hui Li,Fenghua Li

DOI: https://doi.org/10.3837/tiis.2014.11.021

2014-01-01

Abstract:Attribute-based encryption (ABE) is a promising cryptographic primitive for implementing fine-grained data sharing in cloud computing. However, before ABE can be widely deployed in practical cloud storage systems, a challenging issue with regard to attributes and user revocation has to be addressed. To our knowledge, most of the existing ABE schemes fail to support flexible and direct revocation owing to the burdensome update of attribute secret keys and all the ciphertexts. Aiming at tackling the challenge above, we formalize the notion of ciphertext-policy ABE supporting flexible and direct revocation (FDR-CP-ABE), and present a concrete construction. The proposed scheme supports direct attribute and user revocation. To achieve this goal, we introduce an auxiliary function to determine the ciphertexts involved in revocation events, and then only update these involved ciphertexts by adopting the technique of broadcast encryption. Furthermore, our construction is proven secure in the standard model. Theoretical analysis and experimental results indicate that FDR-CP-ABE outperforms the previous revocation-related methods.

Nyamsuren Vaanchig,Hu Xiong,Wei Chen,Zhiguang Qin

DOI: https://doi.org/10.6633/ijns.201801.20(1).11

2018-01-01

Abstract:Nowadays, more and more users store their data in cloud storage servers for great convenience and real benefits offered by the service, so cloud data storage becomes one of the desirable services provided by cloud service providers. Multi-Authority Ciphertext-Policy Attribute-Based Encryption (MA-CP-ABE) is an emerging cryptographic solution to data access control for large-scale collaborative cloud storage service, which allows any data owner to outsource the data to cloud data storage in order to enable users from collaborating domains or organizations to access the outsourced data. However, the existing MA-CPABE schemes cannot be directly applied to collaborative cloud storage services as data access control due to the key escrow problem and the absence of dual revocation mechanism (user revocation and attribute revocation). By addressing these issues, this paper presents a Key-EscrowFree Multi-Authority Ciphertext-Policy Attribute-Based Encryption Scheme with Dual-Revocation by introducing “the essential attribute” and making use of a certificate authority apart from attribute authorities. Compared with the existing MA-CP-ABE schemes, the proposed scheme is the most suitable one to enable data access control for collaborative cloud storage systems. Furthermore, the security and performance analysis indicates that our scheme is more secure and reasonably efficient to be applied to practical scenarios as collaborative cloud storage systems.

Yong Cheng,Zhiying Wang,Jun Ma,Jiangjiang Wu,Songzhu Mei,Jiangchun Ren

DOI: https://doi.org/10.1631/jzus.c1200240

2013-01-01

Abstract:It is secure for customers to store and share their sensitive data in the cryptographic cloud storage.However,the revocation operation is a sure performance killer in the cryptographic access control system.To optimize the revocation procedure,we present a new efficient revocation scheme which is efficient,secure,and unassisted.In this scheme,the original data are first divided into a number of slices,and then published to the cloud storage.When a revocation occurs,the data owner needs only to retrieve one slice,and re-encrypt and re-publish it.Thus,the revocation process is accelerated by affecting only one slice instead of the whole data.We have applied the efficient revocation scheme to the ciphertext-policy attribute-based encryption(CP-ABE) based cryptographic cloud storage.The security analysis shows that our scheme is computationally secure.The theoretically evaluated and experimentally measured performance results show that the efficient revocation scheme can reduce the data owner’s workload if the revocation occurs frequently.

An-Ping Xiong,Chun-Xiang Xu,Qi-Xian Gan

DOI: https://doi.org/10.1109/ICCWAMTIP.2014.7073420

2014-01-01

Abstract:Attribute Based Encryption (CP-ABE) access control schemes has become a heated topic area in security since it is more suitable for access control mechanism. Due to the problems such that system attribute revocation is not flexible, system overhead is too big and other issues for existing CP-ABE access control schemes under cloud environment, with the limited access condition of `AND' and `OR' in an access tree, based on AB-ACER schemes, we proposed a CP-ABE scheme with system attribute revocation in Cloud storage. This scheme is based on many minimum attribute sets which shared Re-encryption keys, storage service provider re-encrypts ciphertext when a system attribute is revoked. This scheme is not only keeps security and fine-grained access control of original scheme, but also has a good flexibility and efficiency.

Tao Ye,Yongquan Cai,Xu Zhao,Yongli Yang,Wei Wang,Yi Zhu

DOI: https://doi.org/10.1504/ijwmc.2019.097424

2019-01-01

Abstract:The CP-ABE-based access control scheme, which can better realise the access control of many-to-multi-ciphertext shared in the cloud storage architecture, is still facing the problems that the system cost is too large, and the policy attribute revocation or restore is not flexible. This paper proposes an efficient access control scheme based on CP-ABE with supporting attribute change in cloud storage system. The fine-grained access control can be achieved by re-encryption mechanism which takes the minimum shared re-encryption key for policy attribute set. And then the access structure tree is expanded by creating a corresponding virtual attribute for each leaf node attribute. The analysis results of the scheme indicate that the efficient and flexibility of the attribute change is not only improved, but also the system cost is reduced.

Yang Zhao,Mao Ren,Songquan Jiang,Guobin Zhu,Hu Xiong

DOI: https://doi.org/10.1007/s00607-018-0637-2

2018-01-01

Computing

Abstract:As a special kind of public-key encryption, attribute-based encryption (ABE) is able to achieve fine-grained access control mechanism by offering one-to-many encryption. Due to such unique characteristic, this primitive is widely employed in the cloud computing environment to provide flexible and secure data sharing. However, how to revoke the access privilege of a user to access encrypted data stored in cloud servers is challenging. Furthermore, the complex operation of ABE may cause a huge computational cost and is usually considered to be a heavy burden for system users. Motivated by the practical needs, an ABE scheme called efficient and revocable storage CP-ABE scheme with outsourced decryption and constant-size ciphertexts and secret keys is proposed in this paper. Our scheme offers the following features: Chinese remainder theorem is utilized to achieve revocable storage. In detail, third party severs are allowed to update ciphertexts stored on them so that those revoked users cannot decrypt any ciphertexts any more. To minimize local operations, the concept of outsourced ABE system with constant-size ciphertexts and secret keys are introduced. More specifically, decryptor is able to outsource most of computing work to the outsourcing service providers. In addition, the scheme is provably secure against selectively chosen-ciphertext attack. At the end, we describe how to deploy the scheme in cloud computing environment.

Jingwei Wang,Xinchun Yin,Jianting Ning,Geong Sen Poh

DOI: https://doi.org/10.1007/978-3-030-14234-6_26

2018-01-01

Abstract:Ciphertext policy attribute-based encryption (CP-ABE) is a promising cryptographic technology and a key component that enable secure data sharing in a cloud environment through fine-grained access control. Since it was introduced, many interesting schemes have been proposed. However, in addition to managing data sharing through access control, a comprehensive scheme should also cater for user revocation and ciphertext queries. This is because in a cloud environment new users may join while existing users may leave the system. At the same time, given the potentially large amount of data stored in a cloud storage, user should be able to retrieve the required files efficiently in a privacy-preserving manner. To address the above issue, in this paper, we propose a practical searchable CP-ABE scheme supporting user revocation. In contrast to existing schemes that provide only single keyword query, our efficient search function provides conjunctive search, which allows user to locate a ciphertext related to a set of keywords. The computation overhead of our user revocation is at least on par with existing schemes. Besides, the security analysis indicates that the proposed scheme is secure under the decisional Bilinear Diffie-Hellman assumption. We also provide extensive experimental results to confirm the efficiency and feasibility of our proposed construction.

Jian Wang,Chunxiao Ye,Yangfei Ou

DOI: https://doi.org/10.1109/hpcc/smartcity/dss.2019.00092

2019-01-01

Abstract:Cloud computing have brought a lot of advantages, such as reducing the hardware cost and providing a convenient cloud storage service. More and more people choose to put their private data in the cloud. However, due to data outsourcing and seminal-trusted cloud servers, data access control has becoming a challenging issue. To protect data security and privacy, some ciphertext policy attribute-based encryption (CP-ABE) schemes have been applied to cloud data access control. However, there are two dynamic issues, namely attribute revocation and policy updating, that need to be solved in the existing CP-ABE schemes. In this paper, we propose a fine-grained dynamic multi-authority cloud data access control scheme, which can solve the above two problems. Besides, our scheme can also support user revocation, which make it more practical. The analysis and simulation results show that our scheme is secure in the random oracle model and is efficient.

Zhang Ruoqing,Hui Lucas,Yiu Sm,Yu Xiaoqi,Liu Zechao,Zoe L. Jiang

DOI: https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.259

2017-01-01

Abstract:Ciphertext-Policy Attribute-based Encryption (CP-ABE) is a useful cryptographic scheme and is being considered for cloud application as more and more users leverage cloud platforms to store and process their data. However, existing CP-ABE schemes still have a number of limitations that make it not effective to be used in a practical application. Firstly, the size of the ciphertext and the time for decryption grow with the complexity of the access formula. This efficiency issue becomes a problem when using a cloudplatform and mobile devices with limited processing capacity. Secondly, in reality, the attributes of users may be changed from time to time, or some users may eventually leave the system due to resignation. This practical concern requires a scheme with flexible and fine-grained revocation optionsupporting attribute-level changes. Lastly, traceability is also an important feature to track potential traitors who leak the partial decryption keys if ABE is used in a real scenario. None of the existing CP-ABE schemes are able to satisfy these three properties simultaneously. In this paper, we propose apractical CP-ABE that can achieve all three requirements. Our system adopts techniques on secure outsourcing of pairings to support efficient outsourcing computation and makes use of a subset cover algorithm to meet the requirements of revocation and traceability. Our scheme is proved to be a selectively replayable chosen-ciphertext attack (RCCA) secure in random oracle model. The result of our work could provide a feasible, reliable and practical CP-ABE scheme for the realistic application.

Xiao Zhang,Faguo Wu,Wang Yao,Zhao Wang,Wenhua Wang

DOI: https://doi.org/10.1002/cpe.4678

2019-01-01

Abstract:Ciphertext-policy attribute-based encryption (CP-ABE) is regarded as one of the most suitable technologies for data access control in cloud storage system. It gives data owners direct and flexible control on access policies. However, there still exists practicality concerns in CP-ABE applications, for example, the key escrow problem, user revocability, and large ciphertext size. Considering these problems, we propose a multi-authority attribute-based encryption scheme with constant-size ciphertexts and user revocation for threshold access policy in this paper. The security proof shows that the proposed scheme is selectively secure under the augmented multi-sequence of exponents decisional Diffie-Hellman assumption, and it also achieves forward security, backward security, and collusion-resistance.

DOI: https://doi.org/10.1186/s13677-023-00414-w

2023-03-13

Journal of Cloud Computing

Abstract:Cloud file sharing (CFS) has become one of the important tools for enterprises to reduce technology operating costs and improve their competitiveness. Due to the untrustworthy cloud service provider, access control and security issues for sensitive data have been key problems to be addressed. Current solutions to these issues are largely related to the traditional public key cryptography, access control encryption or attribute-based encryption based on the bilinear mapping. The rapid technological advances in quantum algorithms and quantum computers make us consider the transition from the tradtional cryptographic primitives to the post-quantum counterparts. In response to these problems, we propose a lattice-based Ciphertext-Policy Attribute-Based Encryption(CP-ABE) scheme, which is designed based on the ring learing with error problem, so it is more efficient than that designed based on the learing with error problem. In our scheme, the indirect revocation and binary tree-based data structure are introduced to achieve efficient user revocation and dynamic management of user groups. At the same time, in order to further improve the efficiency of the scheme and realize file sharing across enterprises, the scheme also allows multiple authorities to jointly set up system parameters and manage distribute keys. Furthermore, by re-randomizing the user's private key and update key, we achieve decryption key exposure resistance(DKER) in the scheme. We provide a formal security model and a series of security experiments, which show that our scheme is secure under chosen-plaintext attacks. Experimental simulations and evaluation analyses demonstrate the high efficiency and practicality of our scheme.

Zhang Wei,Zhang Zhishuo,Xiong Hu,Qin Zhiguang

DOI: https://doi.org/10.1007/s12652-021-02922-6

2021-01-01

Abstract:In recent years, attribute-based encryption (ABE) provides a new idea to help researchers solving the problem of data privacy protection in cloud. But there are two issues in traditional ABE, the first issue is that the attributes in the access structures will be sent to users in cleartext together with the ciphertext. So a attacker has the opportunity to obtain some of the private information from the plaintext access structure. And the other issue is the traditional ABE scheme cannot revoke the users' illegal keys in an efficient way. To handle both of the above challenges, we come up with a large universe ciphertext-policy ABE (CP-ABE) scheme which supports partially hidden access structures (PHAS) and highly efficient key revocation at the same time in this paper. What's more, unlike most previous schemes, first our access structure is based on the expressive linear secret sharing scheme (LSSS) which supports both AND and OR gates in access formulas and second our scheme is built from the prime-order bilinear pairing groups. The comparison with other relevant works presents that our scheme is more comprehensive and efficient. Finally we rigorously prove and analyze that our scheme is selectively indistinguishable secure under chosen plaintext attacks (IND-CPA) in the random oracle model (ROM) and our access structure is really anonymous against off-line dictionary attacks.