Qiang Wang,Li Peng,Hu Xiong,Jianfei Sun,Zhiguang Qin

DOI: https://doi.org/10.1109/access.2017.2775741

IF: 3.9

2017-01-01

IEEE Access

Abstract:Public key encryption supporting equality test (referred to as PKE-ET) provides the capability of testing the equivalence between two messages encrypted under different public keys. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising primitive to achieve versatile and secure data sharing in the cloud computing by providing flexible one-to-many encryption. In this paper, we first initialize the concept of CP-ABE with equality test (CP-ABE-ET) by combining the notions of PKE-ET and CP-ABE. Using ABE-ET primitive, the receiver can delegate a cloud server to perform an equivalence test between two messages, which are encrypted under different access policies. During the delegated equivalence test, the cloud server is unable to obtain any knowledge of the message encrypted under either access policy. We propose a concrete CP-ABE-ET scheme using bilinear pairing and Viete's formulas, and give the security proof of the proposed scheme formally in the standard model. Moreover, the theoretic analysis and experimental simulation reveal that the proposed scheme is efficient and practical.

Yuanhao Wang,Yuzhao Cui,Qiong Huang,Hongbo Li,Jianye Huang,Guomin Yang

DOI: https://doi.org/10.1109/ACCESS.2020.2973459

IF: 3.9

2020-01-01

IEEE Access

Abstract:Sensitive data would be encrypted before uploading to the cloud due to the privacy issue. However, how to compare the encrypted data efficiently becomes a problem. Public Key Encryption with Equality Test (PKEET) provides an efficient way to check whether two ciphertexts (of possibly different users) contain the same message without decryption. As an enhanced variant, Attribute-based Encryption with Equality Test (ABEET) provides a flexible mechanism of authorization on the equality test. Most of the existing ABEET schemes are only proved to be secure in the random oracle model. Their security, however, would not be guaranteed if random oracles are replaced with real-life hash functions. In this work, we propose a construction of CP-ABEET scheme and prove its security based on some reasonable assumptions in the standard model. We then show how to modify the scheme to outsource complex computations in decryption and equality test to a third-party server in order to support thin clients.

Yuzhao Cui,Qiong Huang,Jianye Huang,Hongbo Li,Guomin Yang

DOI: https://doi.org/10.1093/comjnl/bxz036

2019-01-01

The Computer Journal

Abstract:Thanks to the ease of access and low expenses, it is now popular for people to store data in cloud servers. To protect sensitive data from being leaked to the outside, people usually encrypt the data in the cloud. However, management of these encrypted data becomes a challenging problem, e.g. data classification. Besides, how to selectively share data with other users is also an important and interesting problem in cloud storage. In this paper, we focus on ciphertext-policy attribute based encryption with equality test (CP-ABEET). People can use CP-ABEET to implement not only flexible authorization for the access to encrypted data, but also efficient data label classification, i.e. test of whether two encrypted data contain the same message. We construct an efficient CP-ABEET scheme, and prove its security based on a reasonable number-theoretic assumption. Compared with the only existing CP-ABEET scheme, our construction is more efficient in key generation, and has shorter attribute-related secret keys and better security.

Nabeil Eltayieb,Rashad Elhabob,Alzubair Hassan,Fagen Li

DOI: https://doi.org/10.1007/978-3-030-05063-4_18

2018-01-01

Abstract:The data of user should be protected against untrusted cloud server. A simple way is to use cryptographic methods. Attribute-based encryption (ABE) plays a vital role in securing many applications, particularly in cloud computing. In this paper, we propose a scheme called fine-grained attribute-based encryption supporting equality test (FG-ABEET). The proposed scheme grants the cloud server to perform if two ciphertexts are encryptions of the same message encrypted with the same access policy or different access policy. Moreover, the cloud server can perform the equality test operation without knowing anything about the message encrypted under either access policy. The FG-ABEET scheme is proved to be secure under Decisional Bilinear Diffe-Hellman (DBDH) assumption. In addition, the performance comparisons reveal that the proposed FG-ABEET scheme is efficient and practical.

Karary university,Xiong Hu,Arab East Colleges for Graduate Studies,Ramadan Mohammed,Qin Zhiguang

DOI: https://doi.org/10.1007/s11276-020-02462-5

IF: 2.701

2020-01-01

Wireless Networks

Abstract:With the rapid popularity and wide adoption of cloud storage, providing privacy-preserving by protecting sensitive information becomes a matter of grave concern. The most effective and sensible way to address this issue is to encrypt the data before uploading it to the cloud. However, to search over encrypted data with different keys is still an open problem when it comes to the deployment of emerging technologies such as healthcare applications and e-marketplace systems. To address these issues, in this paper, we proposed a secure and efficient public-key encryption with an equality test technique that supports anonymous authorization, abbreviated as (PKEET-AA). Our proposed scheme allows a specific user to identify who can perform the equality test process among various cloud servers without compromising sensitive information. It also provides an anonymous approach to search for some statistical information about specific identical encrypted records in several databases. Moreover, we prove that our proposed PKEET-AA scheme is one-way secure against chosen-ciphertext attack (OW-CCA) and undistinguishable against adaptive chosen ciphertext attack (IND-CCA) in the random oracle model. Thus, to provide authorization/multi-authorization anonymity under the Decisional Diffie–Hellman assumption.

Yinghui Zhang,Robert H. Deng,Shengmin Xu,Jianfei Sun,Qi Li,Dong Zheng

DOI: https://doi.org/10.1145/3398036

IF: 16.6

2021-07-31

ACM Computing Surveys

Abstract:Attribute-based encryption (ABE) for cloud computing access control is reviewed in this article. A taxonomy and comprehensive assessment criteria of ABE are first proposed. In the taxonomy, ABE schemes are assorted into key-policy ABE (KP-ABE) schemes, ciphertext-policy ABE (CP-ABE) schemes, anti-quantum ABE schemes, and generic constructions. In accordance with cryptographically functional features, CP-ABE is further divided into nine subcategories with regard to basic functionality, revocation, accountability, policy hiding, policy updating, multi-authority, hierarchy, offline computation, and outsourced computation. In addition, a systematical methodology for discussing and comparing existing ABE schemes is proposed. For KP-ABE and each type of CP-ABE, the corresponding access control scenario is presented and explained by concrete examples. Specifically, the syntax of ABE is given followed by the adversarial model and security goals. ABE schemes are discussed according to the design strategies and special features and are compared in the light of the proposed assessment criteria with respect to security and performance. Compared to related state-of-the-art survey papers, this article not only provides a broader 12 categories of ABE schemes, but also makes a more comprehensive and holistic comparison. Finally, a number of open research challenges in ABE are pointed out.

computer science, theory & methods

Yongjian Liao,Hongjie Chen,Fagen Li,Shaoquan Jiang,Shijie Zhou,Ramadan Mohammed

DOI: https://doi.org/10.1109/access.2018.2808944

IF: 3.9

2018-01-01

IEEE Access

Abstract:Attribute-based encryption is a popular cryptographic technology to protect the privacy of clients' data in cloud computing. In order to make the scheme have the functionality of comparing ciphertext, Zhu et al. combined concepts of key-policy attributed-based encryption with public key encryption with equality test and proposed key-policy attributed-based encryption with equality test. They defined its security model and put forward a scheme from bilinear pairing. In this paper, we first use two methods to show that their scheme is not secure for one-way under chosen ciphertext attack. Next, we show that the scheme is not secure for a test under chosen ciphertext attack defined in their paper yet. Finally, we point out the definition of a test under chosen ciphertext attack is very strong, which causes no scheme to satisfy the model.

Xi-Jun Lin,Lin Sun,Haipeng Qu,Xiaoshuai Zhang

DOI: https://doi.org/10.1016/j.comcom.2021.02.006

IF: 5.047

2021-01-01

Computer Communications

Abstract:Public key encryption with equality test (PKEET) is an important cryptographic primitive for protecting users? outsourced data in the cloud-based email systems. Due to the fact that it is required to deploy different authorization policies for the demand of dynamic privacy protection in the cloud-based email systems, Ma et al. recently presented a new related primitive, called public key encryption with equality test supporting flexible authorization (PKEET-FA). In their proposal, four types of authorization were considered to support different authorization policies. Their proposal is based on the bilinear pairings. However, as the basic operation of equality test, bilinear pairings are expensive operations compared with modular multiplications and modular inverses. Hence, it is desired to propose a new method for constructing efficient equality test with modular multiplications and modular inverses. In this paper, we present such a PKEET-FA scheme. Compared with Ma et al.?s, our proposal is (surprisingly) more efficient, especially in terms of equality test. Moreover, our proposal supports an additional type of authorization, called user-specific ciphertext-to-user (or user-specific user-to-ciphertext) level authorization. Hence, ours is more flexible than Ma et al.?s.

Yuzhao Cui,Qiong Huang,Jianye Huang,Hongbo Li,Guomin Yang

DOI: https://doi.org/10.1007/978-3-030-14234-6_24

2018-01-01

Abstract:In the cloud era people get used to store their data to the cloud server, and would use encryption technique to protect their sensitive data from leakage. However, encrypted data management is a challenging problem, for example, encrypted data classification. Besides, how to effectively control the access to the encrypted data is also an important problem. Ciphertext-policy attribute-based encryption with equality test (CP-ABEET) is an efficient solution to the aforementioned problems, which enjoys the advantage of attribute-based encryption, and in the meanwhile supports the test of whether two different ciphertexts contain the same message without the need of decryption. However, the existing CP-ABEET schemes suffer from high computation costs. In this paper, we study how to outsource the heavy computation in CP-ABEET scheme to a third-party server. We introduce the notion of CP-ABEET supporting outsourced decryption (OCP-ABEET), which saves a lot of local computation loads of CP-ABEET. We propose a concrete construction of OCP-ABEET, and prove its security based on a reasonable number-theoretic assumption in the random oracle model. Compared with the existing CP-ABEET schemes, our scheme is more computationally .

Rashad Elhabob,Yanan Zhao,Iva Sella,Hu Xiong

DOI: https://doi.org/10.3837/tiis.2019.09.023

2019-01-01

KSII Transactions on Internet and Information Systems

Abstract:Cloud computing provides a broad range of services like operating systems, hardware, software and resources. Availability of these services encourages data owners to outsource their intensive computations and massive data to the cloud. However, considering the untrusted nature of cloud server, it is essential to encrypt the data before outsourcing it to the cloud. Unfortunately, this leads to a challenge when it comes to providing search functionality for encrypted data located in the cloud. To address this challenge, this paper presents a public key encryption with equality test for heterogeneous systems (PKE-ET-HS). The PKE-ET-HS scheme simulates certificateless public encryption with equality test (CLE-ET) with the identity-based encryption with equality test (IBE-ET). This scheme provides the authorized cloud server the right to actuate the equivalence of two messages having their encryptions performed under heterogeneous systems. Basing on the random oracle model, we construct the security of our proposed scheme under the bilinear Diffie-Hellman (BDH) assumption. Eventually, we evaluate the size of storage, computation complexities, and properties with other related works and illustrations indicate good performance from our scheme.

Zheng Qu,Saru Kumari,Mohammad S. Obaidat,Bander A. Alzahrani,Hu Xiong

DOI: https://doi.org/10.1109/jbhi.2023.3321939

IF: 7.7

2024-01-01

IEEE Journal of Biomedical and Health Informatics

Abstract:The emerging Internet of Things (IoTs) and cloud technologies spark dramatic growth in efficiency and productivity for the conventional e-health sector. However, the extensive applications of the communication network also expose the sensitive medical data to the unprecedented cyber threats. To protect the data privacy in IoTs-based e-health cloud environments, we propose an adaptively secure data sharing scheme with traceability and equality test (T-ABEET). The T-ABEET not only allows flexible access control to the massive data but also provides the functionality of traitor tracing to identity the users who leak their decryption keys. Meanwhile, through carrying out the equality test, the target ciphertext can be retrieved efficiently without revealing anything about the plaintext. Particularly, distinct from previous traceable ABE works, the tracing cost in our T-ABEET scheme keeps constant even with the increasing number of users. Also, by introducing the multi-authority mechanism, our T-ABEET can avoid the inherent key escrow problem of ABE. Furthermore, our T-ABEET is demonstrated adaptively secure under subgroup decision assumption. Finally, performance comparison reveals that our T-ABEET has superior practicality, efficiency, and security in cloud-enabled e-health systems.

Gang Yu,Xiaoxiao Ma,Zhenfu Cao,Weihua Zhu,Junjie Zeng

DOI: https://doi.org/10.1007/978-3-319-69471-9_25

2017-01-01

Abstract:Ciphertext-policy attribute-based encryption (CP-ABE) is a promising public key encryption primitive enabling fine-grained access control on shared data in public cloud. However, two quite challenging issues, the prevention of key escrow and key abuse, still exist in CP-ABE system. In this paper, we propose a multi-authority CP-ABE scheme without key escrow and key abuse. To prevent key escrow, multiple authorities are employed to perform the same procedure of key generation for an attribute. Thus, no individual authority or colluded authorities that manage no common attribute can decrypt any ciphertext, and it can also resist collusion attack from curious authority with the help of dishonest users. To prevent key abuse of dishonest users, user’s global identifier along with a signature is embedded into the secret key. Thus, any third party can learn the identity from a shared secret key and publicly verify its validity. An advantage of simultaneously preventing key escrow and key abuse is that the proposed scheme can achieve accountability, i.e. an auditor can publicly audit a user or authorities abuse the secret key. At last, the proposed scheme is fully secure in the random oracle model, and due to a key aggregate algorithm its efficiency is comparable to the decentralizing CP-ABE scheme [18] on which it is based.

Xing Zhang,Cancan Jin,Cong Li,Zilong Wen,Qingni Shen,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1007/978-3-319-28865-9_27

2015-01-01

Abstract:To ensure the security of sensitive data, people need to encrypt them before uploading them to the public storage. Attribute-based encryption (ABE) is a promising cryptographic primitive for fine-grained sharing of encrypted data. However, ABE lacks user and authority accountability. The user can share his/her secret key without being identified, while key generation center (KGC) can generate any user’s secret key. In this paper, we propose a practical large universe ciphertext-policy ABE (CP-ABE) with user and authority accountability in the white-box model. As embedding the user’s identity information into this user’s secret key directly, the trace stage has only O(1) time overhead. The property of accountability is proved against the dishonest user and KGC in the standard model. We implement our scheme in Charm. Experiments show that CP-ABE of Rouselakis and Waters in CCS 2013 is enhanced in user and authority accountability by our method with small computational cost.

Cong Li,Qingni Shen,Zhikang Xie,Jisheng Dong,Xinyu Feng,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1016/j.ins.2022.08.014

IF: 8.1

2022-01-01

Information Sciences

Abstract:Hierarchical-authority attribute-based encryption (HABE) can resolve the performance bottleneck of the key generation center in the traditional attribute-based encryption (ABE) system. HABE has numerous applications, such as cloud computing and smart grid systems. Nevertheless, almost all of the existing HABE schemes are in the ciphertext-policy setting and do not support non-monotonic access structures. In this work, we propose the first key-policy hierarchical-authority ABE with non-monotonic access structures, dubbed KP-HABE-NMaCS, which supports the authority key delegation, constant size ciphertexts and the large universe simultaneously. We further define the security model of KP-HABE-NMaCS and prove the selective security of it in the standard model. Then we optimize our scheme to realize the outsourced decryption. Subsequently, we present the detailed theoretical analysis of our constructions and the existing HABE constructions in computation and storage costs, and meanwhile implement ours and conduct a series of experiments. Both results indicate that our KP-HABE-NMaCS construction makes improvements in expressiveness and features, and achieves efficiency comparable to the previous HABE constructions. Furthermore, they also show that our extension construction is suitable for resource-limited applications. Eventually, we explore how to apply our KP-HABE-NMaCS to build an ABE with equality test and time-based authorization.

Miao Wang,Zhenfu Cao,Xiaolei Dong,Runmeng Du,Jiasheng Chen

DOI: https://doi.org/10.1109/jiot.2024.3470322

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:In the distributed computing environment, it is important to efficiently achieve secure access to data. One of the widely applied encryption mechanisms is the multi-authority attribute-based encryption. However, most existing multi-authority setting schemes were relied on bilinear pairings, which causes the system to bear a relatively large burden in computation overhead. In this paper, we proposes a decentralized multi-authority key-policy attribute-based encryption scheme without bilinear pairings, its security is relied solely on the decisional Diffie-Hellman assumption. It removes the trusted central authority and prevents user collusion attacks. Except for the global coordination between the attribute authorities, any party can simply play the part of a standard attribute authority by generating public keys and issuing corresponding decryption key components for users. The proposed scheme provides heightened security and efficiency compared to the current pairing-free multi-authority ABE scheme, as well as superior computational efficiency when compared to those utilizing bilinear pairings.

Jianfei Sun,Yangyang Bao,Xuyun Nie,Hu Xiong

DOI: https://doi.org/10.1109/access.2018.2843565

IF: 3.9

2018-01-01

IEEE Access

Abstract:Public key encryption with equality test (PKE-ET) enables anyone to perform equivalence test between two messages encrypted under distinct public keys. Attribute-hiding predicate encryption is a paradigm for public key encryption that supports both attribute-hiding and fine-grained access control. In this paper, we first initialize the concept of attribute-hiding predicate encryption with equality test (AH-PE-ET) by incorporating the notions of PKE-ET and PE, and then propose a concrete AH-PE-ET scheme. Inheriting the merits of predicate encryption, versatile access control can be achieved such that the ciphertexts and the secret key are, respectively, associated with the descriptive attributes x and the boolean functions f and decryption can only be done if f (x) returns true. In the AH-PE-ET scheme, one data receiver can calculate a trapdoor using his/her private key and delivers this trapdoor to an untrusted cloud server, who in turn compares the ciphertexts from this receiver with other receivers' ciphertexts. During the comparison, the information about the trapdoor as well as the attributes associated with the ciphertexts will not be disclosed to this cloud server. Furthermore, it is also proven to be selectively secure against the chosen plaintext attack in the standard model under the decisional bilinear Diffie-Hellman assumption. Finally, the theoretical performance analysis and experimental simulation indicate the feasibility and practicability of our suggested scheme.

Zhang Wei,Zhang Zhishuo,Xiong Hu,Qin Zhiguang

DOI: https://doi.org/10.1007/s12652-021-02922-6

2021-01-01

Abstract:In recent years, attribute-based encryption (ABE) provides a new idea to help researchers solving the problem of data privacy protection in cloud. But there are two issues in traditional ABE, the first issue is that the attributes in the access structures will be sent to users in cleartext together with the ciphertext. So a attacker has the opportunity to obtain some of the private information from the plaintext access structure. And the other issue is the traditional ABE scheme cannot revoke the users' illegal keys in an efficient way. To handle both of the above challenges, we come up with a large universe ciphertext-policy ABE (CP-ABE) scheme which supports partially hidden access structures (PHAS) and highly efficient key revocation at the same time in this paper. What's more, unlike most previous schemes, first our access structure is based on the expressive linear secret sharing scheme (LSSS) which supports both AND and OR gates in access formulas and second our scheme is built from the prime-order bilinear pairing groups. The comparison with other relevant works presents that our scheme is more comprehensive and efficient. Finally we rigorously prove and analyze that our scheme is selectively indistinguishable secure under chosen plaintext attacks (IND-CPA) in the random oracle model (ROM) and our access structure is really anonymous against off-line dictionary attacks.

Zhiting Zhang,Peng Zeng,Bofeng Pan,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/jiot.2020.2986303

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:Attribute-based encryption (ABE) can be utilized to achieve both data security and fine-grained access control in a cloud computing environment. However, we need to consider the risks of key abuse and key escrow in such a setting. Specifically, the former risk category includes the illegal sharing of user’s keys (i.e., user key abuse) and illegal key distribution by an authority (i.e., authority key abuse), and the latter includes the scenario where some ciphertext is decrypted by the authority without the user’s approval. Hence, in this article, we seek to address both key abuse and key escrow concerns when deploying ABE in a cloud computing environment. In our construction, two authorities [i.e., a key generation center (KGC) and an attribute authority (AA)] participate in the generation of the user’s secret key. Both KGC and AA will not know the full decryption key or have the capability to forge one. As a result, neither KGC nor AA can illegally distribute the user’s private key to unauthorized users or decrypt user’s ciphertexts without the user’s approval. In addition, in our scheme, any private keys modified by malicious users cannot be successfully used for decryption. In the event that some user illegally shares his/her original private key, the scheme has in place a mechanism to trace the abused private key (since the user’s identity information is embedded in the private key). Hence, our scheme supports public traceability, key abuse, and key escrow. In addition, our scheme is based on prime order bilinear groups, and is shown to be selectively secure in the standard model.

Jianqiang Li,Shulan Wang,Yuan Li,Haiyan Wang,Huiwen Wang,Huihui Wang,Jianyong Chen,Zhuhong You

DOI: https://doi.org/10.1109/tii.2019.2931156

IF: 12.3

2019-01-01

IEEE Transactions on Industrial Informatics

Abstract:Recently, more and more users and enterprises have entrusted data storage and platform construction to proxy cloud service provider (PCSP) through cloud technology. Under this background, the attribute-based encryption (ABE) mechanism is an alternative to fill the drawbacks of the traditional encryption through flexible fine-grained access policy and collusion prevention. However, there exist some security issues when the access policy and file need to be updated in practical applications. And the ABE has the problems of excessive computation and storage costs. In this article, an efficient ciphertext-policy ABE scheme with policy update and file update is proposed in cloud computing. The ciphertext components generated by first encryption can be shared when the policy update and file update happens. It reduces the storage and communication costs of the client, and the computational cost of the PCSP. Moreover, the proposed scheme is proved to be secure under the assumption of decision q-parallel bilinear Diffie–Hellman exponent (BDHE). Finally, experimental simulation shows that the proposed scheme is highly efficient in terms of policy update and file update.

Shuo Zhang,Wenmin Li,Qiaoyan Wen,Hua Zhang,Zhengping Jin

DOI: https://doi.org/10.1007/s11277-020-07503-y

IF: 2.017

2020-01-01

Wireless Personal Communications

Abstract:Attribute based encryption is an effective method which can solve the access control problem of cloud storage. Realizing both efficient attributes revocation and outsourcing decryption would enhance mobile user experience. In this paper, we present a new scheme of Key-Policy Attribute Based Encryption in hybrid cloud system. In our scheme, the most of computation in the decryption process can be outsourced to the cloud and the efficiency of system is improved. In addition, the attributes of malicious users or expired ones can be revoked with unrelated users offline. Moreover system consumes a little resources rather than rebuilds the system or updates all data immediately. We also give a proof of security, a detailed description of execution and efficiency analysis.