Yuzhao Cui,Qiong Huang,Jianye Huang,Hongbo Li,Guomin Yang

DOI: https://doi.org/10.1093/comjnl/bxz036

2019-01-01

The Computer Journal

Abstract:Thanks to the ease of access and low expenses, it is now popular for people to store data in cloud servers. To protect sensitive data from being leaked to the outside, people usually encrypt the data in the cloud. However, management of these encrypted data becomes a challenging problem, e.g. data classification. Besides, how to selectively share data with other users is also an important and interesting problem in cloud storage. In this paper, we focus on ciphertext-policy attribute based encryption with equality test (CP-ABEET). People can use CP-ABEET to implement not only flexible authorization for the access to encrypted data, but also efficient data label classification, i.e. test of whether two encrypted data contain the same message. We construct an efficient CP-ABEET scheme, and prove its security based on a reasonable number-theoretic assumption. Compared with the only existing CP-ABEET scheme, our construction is more efficient in key generation, and has shorter attribute-related secret keys and better security.

Yuanhao Wang,Yuzhao Cui,Qiong Huang,Hongbo Li,Jianye Huang,Guomin Yang

DOI: https://doi.org/10.1109/ACCESS.2020.2973459

IF: 3.9

2020-01-01

IEEE Access

Abstract:Sensitive data would be encrypted before uploading to the cloud due to the privacy issue. However, how to compare the encrypted data efficiently becomes a problem. Public Key Encryption with Equality Test (PKEET) provides an efficient way to check whether two ciphertexts (of possibly different users) contain the same message without decryption. As an enhanced variant, Attribute-based Encryption with Equality Test (ABEET) provides a flexible mechanism of authorization on the equality test. Most of the existing ABEET schemes are only proved to be secure in the random oracle model. Their security, however, would not be guaranteed if random oracles are replaced with real-life hash functions. In this work, we propose a construction of CP-ABEET scheme and prove its security based on some reasonable assumptions in the standard model. We then show how to modify the scheme to outsource complex computations in decryption and equality test to a third-party server in order to support thin clients.

Yuzhao Cui,Qiong Huang,Jianye Huang,Hongbo Li,Guomin Yang

DOI: https://doi.org/10.1007/978-3-030-14234-6_24

2018-01-01

Abstract:In the cloud era people get used to store their data to the cloud server, and would use encryption technique to protect their sensitive data from leakage. However, encrypted data management is a challenging problem, for example, encrypted data classification. Besides, how to effectively control the access to the encrypted data is also an important problem. Ciphertext-policy attribute-based encryption with equality test (CP-ABEET) is an efficient solution to the aforementioned problems, which enjoys the advantage of attribute-based encryption, and in the meanwhile supports the test of whether two different ciphertexts contain the same message without the need of decryption. However, the existing CP-ABEET schemes suffer from high computation costs. In this paper, we study how to outsource the heavy computation in CP-ABEET scheme to a third-party server. We introduce the notion of CP-ABEET supporting outsourced decryption (OCP-ABEET), which saves a lot of local computation loads of CP-ABEET. We propose a concrete construction of OCP-ABEET, and prove its security based on a reasonable number-theoretic assumption in the random oracle model. Compared with the existing CP-ABEET schemes, our scheme is more computationally .

Jianfei Sun,Yangyang Bao,Xuyun Nie,Hu Xiong

DOI: https://doi.org/10.1109/access.2018.2843565

IF: 3.9

2018-01-01

IEEE Access

Abstract:Public key encryption with equality test (PKE-ET) enables anyone to perform equivalence test between two messages encrypted under distinct public keys. Attribute-hiding predicate encryption is a paradigm for public key encryption that supports both attribute-hiding and fine-grained access control. In this paper, we first initialize the concept of attribute-hiding predicate encryption with equality test (AH-PE-ET) by incorporating the notions of PKE-ET and PE, and then propose a concrete AH-PE-ET scheme. Inheriting the merits of predicate encryption, versatile access control can be achieved such that the ciphertexts and the secret key are, respectively, associated with the descriptive attributes x and the boolean functions f and decryption can only be done if f (x) returns true. In the AH-PE-ET scheme, one data receiver can calculate a trapdoor using his/her private key and delivers this trapdoor to an untrusted cloud server, who in turn compares the ciphertexts from this receiver with other receivers' ciphertexts. During the comparison, the information about the trapdoor as well as the attributes associated with the ciphertexts will not be disclosed to this cloud server. Furthermore, it is also proven to be selectively secure against the chosen plaintext attack in the standard model under the decisional bilinear Diffie-Hellman assumption. Finally, the theoretical performance analysis and experimental simulation indicate the feasibility and practicability of our suggested scheme.

Rashad Elhabob,Yanan Zhao,Iva Sella,Hu Xiong

DOI: https://doi.org/10.3837/tiis.2019.09.023

2019-01-01

KSII Transactions on Internet and Information Systems

Abstract:Cloud computing provides a broad range of services like operating systems, hardware, software and resources. Availability of these services encourages data owners to outsource their intensive computations and massive data to the cloud. However, considering the untrusted nature of cloud server, it is essential to encrypt the data before outsourcing it to the cloud. Unfortunately, this leads to a challenge when it comes to providing search functionality for encrypted data located in the cloud. To address this challenge, this paper presents a public key encryption with equality test for heterogeneous systems (PKE-ET-HS). The PKE-ET-HS scheme simulates certificateless public encryption with equality test (CLE-ET) with the identity-based encryption with equality test (IBE-ET). This scheme provides the authorized cloud server the right to actuate the equivalence of two messages having their encryptions performed under heterogeneous systems. Basing on the random oracle model, we construct the security of our proposed scheme under the bilinear Diffie-Hellman (BDH) assumption. Eventually, we evaluate the size of storage, computation complexities, and properties with other related works and illustrations indicate good performance from our scheme.

Xi-Jun Lin,Lin Sun,Haipeng Qu,Xiaoshuai Zhang

DOI: https://doi.org/10.1016/j.comcom.2021.02.006

IF: 5.047

2021-01-01

Computer Communications

Abstract:Public key encryption with equality test (PKEET) is an important cryptographic primitive for protecting users? outsourced data in the cloud-based email systems. Due to the fact that it is required to deploy different authorization policies for the demand of dynamic privacy protection in the cloud-based email systems, Ma et al. recently presented a new related primitive, called public key encryption with equality test supporting flexible authorization (PKEET-FA). In their proposal, four types of authorization were considered to support different authorization policies. Their proposal is based on the bilinear pairings. However, as the basic operation of equality test, bilinear pairings are expensive operations compared with modular multiplications and modular inverses. Hence, it is desired to propose a new method for constructing efficient equality test with modular multiplications and modular inverses. In this paper, we present such a PKEET-FA scheme. Compared with Ma et al.?s, our proposal is (surprisingly) more efficient, especially in terms of equality test. Moreover, our proposal supports an additional type of authorization, called user-specific ciphertext-to-user (or user-specific user-to-ciphertext) level authorization. Hence, ours is more flexible than Ma et al.?s.

Bo Lang,Runhua Xu,Yawei Duan

DOI: https://doi.org/10.5220/0004525801470157

2013-01-01

Abstract:Ciphertext-Policy Attribute Based Encryption (CP-ABE) is recognized as an important data protection mechanism in cloud computing environment for its flexible, scalable and fine-grained access control features. For enhancing its security, efficiency and policy flexibility, researchers have proposed different schemes of CP-ABE which have different kinds of access policy structures. However, as far as we know, most of these structures only support AND, OR and threshold attribute operations. In order to achieve more effective data self-protection mechanisms in open environments such as Cloud computing, CP-ABE needs to support more flexible attribute based policies, most of which are described using operators of NOT, <, <=, >, >=. This paper proposed an Extended CP-ABE(ECP-ABE) scheme based on the existing CP-ABE scheme. The ECP-ABE scheme can express any access policy represented by arithmetic comparison and logical expressions that involve NOT, <, <=, >, >=. operators in addition to AND, OR and threshold operators. We prove the Chosen-plaintext Attack (CPA) security of our scheme under the Decisional Bilinear DiffieHellman (DBDH) assumption in the standard model, and also discuss the experimental results of the efficiency of ECP-ABE.

Nabeil Eltayieb,Rashad Elhabob,Alzubair Hassan,Fagen Li

DOI: https://doi.org/10.1007/978-3-030-05063-4_18

2018-01-01

Abstract:The data of user should be protected against untrusted cloud server. A simple way is to use cryptographic methods. Attribute-based encryption (ABE) plays a vital role in securing many applications, particularly in cloud computing. In this paper, we propose a scheme called fine-grained attribute-based encryption supporting equality test (FG-ABEET). The proposed scheme grants the cloud server to perform if two ciphertexts are encryptions of the same message encrypted with the same access policy or different access policy. Moreover, the cloud server can perform the equality test operation without knowing anything about the message encrypted under either access policy. The FG-ABEET scheme is proved to be secure under Decisional Bilinear Diffe-Hellman (DBDH) assumption. In addition, the performance comparisons reveal that the proposed FG-ABEET scheme is efficient and practical.

Karary university,Xiong Hu,Arab East Colleges for Graduate Studies,Ramadan Mohammed,Qin Zhiguang

DOI: https://doi.org/10.1007/s11276-020-02462-5

IF: 2.701

2020-01-01

Wireless Networks

Abstract:With the rapid popularity and wide adoption of cloud storage, providing privacy-preserving by protecting sensitive information becomes a matter of grave concern. The most effective and sensible way to address this issue is to encrypt the data before uploading it to the cloud. However, to search over encrypted data with different keys is still an open problem when it comes to the deployment of emerging technologies such as healthcare applications and e-marketplace systems. To address these issues, in this paper, we proposed a secure and efficient public-key encryption with an equality test technique that supports anonymous authorization, abbreviated as (PKEET-AA). Our proposed scheme allows a specific user to identify who can perform the equality test process among various cloud servers without compromising sensitive information. It also provides an anonymous approach to search for some statistical information about specific identical encrypted records in several databases. Moreover, we prove that our proposed PKEET-AA scheme is one-way secure against chosen-ciphertext attack (OW-CCA) and undistinguishable against adaptive chosen ciphertext attack (IND-CCA) in the random oracle model. Thus, to provide authorization/multi-authorization anonymity under the Decisional Diffie–Hellman assumption.

Zhan-bin LIU,Hong LIU,Yi-mang HUO

DOI: https://doi.org/10.3969/j.issn.1671-1122.2014.07.011

2014-01-01

Abstract:Cloud computing provides an emerging data interactive paradigm, and realizes users’ data remote storage, sharing and computing. Due to the system complexity, network openness, resource concentration, and data sensitivity, the process of the user accessing the cloud server is suffering from severe security threats, which make that the cloud data protection becomes an important issue. This work first introduces the system components, trust model, and attack model, and proposes a ciphertext-policy attribute based encryption (CP-ABE) based data access control protocol to achieve data protection. The proposed protocol applies the semi-group property of Chebyshev chaotic map for authentication, and adopts lightweight CP-ABE scheme for authorization. Meanwhile, the security mechanisms including authentication, access control, and forward security are applied to achieve user identification and data access control. According to the storage requirement analysis, the protocol owns fixed storage requirements in the attribute set and key, avoiding the linear growth of massive data interaction. It turns out that the protocol is secure, reliable and flexible for the large-scale data interactions in the cloud environments.

Yinghui Zhang,Robert H. Deng,Shengmin Xu,Jianfei Sun,Qi Li,Dong Zheng

DOI: https://doi.org/10.1145/3398036

IF: 16.6

2021-07-31

ACM Computing Surveys

Abstract:Attribute-based encryption (ABE) for cloud computing access control is reviewed in this article. A taxonomy and comprehensive assessment criteria of ABE are first proposed. In the taxonomy, ABE schemes are assorted into key-policy ABE (KP-ABE) schemes, ciphertext-policy ABE (CP-ABE) schemes, anti-quantum ABE schemes, and generic constructions. In accordance with cryptographically functional features, CP-ABE is further divided into nine subcategories with regard to basic functionality, revocation, accountability, policy hiding, policy updating, multi-authority, hierarchy, offline computation, and outsourced computation. In addition, a systematical methodology for discussing and comparing existing ABE schemes is proposed. For KP-ABE and each type of CP-ABE, the corresponding access control scenario is presented and explained by concrete examples. Specifically, the syntax of ABE is given followed by the adversarial model and security goals. ABE schemes are discussed according to the design strategies and special features and are compared in the light of the proposed assessment criteria with respect to security and performance. Compared to related state-of-the-art survey papers, this article not only provides a broader 12 categories of ABE schemes, but also makes a more comprehensive and holistic comparison. Finally, a number of open research challenges in ABE are pointed out.

computer science, theory & methods

Qingshui Xue,Chenyang Wang,Zhen Xue

DOI: https://doi.org/10.1109/iceitsa57468.2022.00054

2022-01-01

Abstract:The traditional ciphertext-policy attribute-based encryption (CP-ABE) has the problems of poor security of key distribution by a single attribute authorization center and too much calculation on the client in the process of encryption and decryption. A CP-ABE scheme that can outsource encryption and decryption and support multi-authorization centers is introduced to solve the above two problems. In the key generation stage, the user's private key is generated by the attribute authorization center and the key generation center jointly executing the two-party secure computing protocol; In the encryption and decryption stage, the cloud encryption server and cloud storage server are used to handle most of the computing work. Security proof and performance analysis show that the scheme not only can effectively make up for the defect of all key leakage when the attribute authorization center is broken, but also can enhance the security of the system; Moreover, after using the cloud server to process data, users only need to perform a simple calculation on the client to complete encryption or decryption, thus reducing the user's computing workload.

Yinghui Zhang,Dong Zheng,Xiaofeng Chen,Jin Li,Hui Li

DOI: https://doi.org/10.1007/978-3-319-12475-9_18

2014-01-01

Abstract:Ciphertext-policy attribute-based encryption (CP-ABE) is extremely suitable for cloud computing environment in that it enables data owners to make and enforce access policies themselves. However, most of the existing CP-ABE schemes suffer severe efficiency drawbacks due to large computation cost and ciphertext size, both of which linearly increase with the complexity of access policies. Aiming at tackling the challenge above, in this paper, we propose a CP-ABE scheme which features constant computation cost and constant-size ciphertexts. The proposed CP-ABE scheme is proven selective-secure in the random oracle model under the decision n-Bilinear Diffie-Hellman Exponent (n-BDHE) assumption, where n represents the total number of attributes in universe. In particular, the proposed scheme can efficiently support AND-gate access policies with multiple attribute values and wildcards. Performance comparisons indicate that the proposed CP-ABE scheme is promising in real-world applications, especially for the scenarios where computation and bandwidth issues are major concerns.

Kaiping Xue,Na Gai,Jianan Hong,David S. L. Wei,Peilin Hong,Nenghai Yu

DOI: https://doi.org/10.1109/tdsc.2020.2987903

2022-01-01

Abstract:Under the assumption of honest-but-curious cloud service provider, various cryptographic techniques have been used to address the issues of data access control and confidentiality in public cloud storage. Among which, attribute-based encryption (ABE) has been shown to be an attractive scheme. Although the technique of ABE brings in various benefits, its onerous overhead should not be ignored. In this article, based on an improved LSSS (linear secret sharing scheme) matrix expression integrated in CP-ABE (Ciphertext-Policy Attribute-Based Encryption) algorithm, we present an efficient and secure attribute-based access control scheme for the scenarios where multiple data are shared and encrypted with frequently used sub-policies. In the scheme, a user can store the parameters about a specific sub-policy in his/her first decryption, which can be reused in the subsequent data decryptions whose embedded access policies include the same sub-policy so as to significantly reduce the computation cost. Our proposed scheme is proved to be semantically secure under chosen plaintext attacks and can well preserve the confidentiality of the data sharing system. Our analysis and experimentation also show that our scheme does significantly reduce the decryption time and while trades in only very little storage overhead, and thus effectively promotes the efficiency.

Jianqiang Li,Shulan Wang,Yuan Li,Haiyan Wang,Huiwen Wang,Huihui Wang,Jianyong Chen,Zhuhong You

DOI: https://doi.org/10.1109/tii.2019.2931156

IF: 12.3

2019-01-01

IEEE Transactions on Industrial Informatics

Abstract:Recently, more and more users and enterprises have entrusted data storage and platform construction to proxy cloud service provider (PCSP) through cloud technology. Under this background, the attribute-based encryption (ABE) mechanism is an alternative to fill the drawbacks of the traditional encryption through flexible fine-grained access policy and collusion prevention. However, there exist some security issues when the access policy and file need to be updated in practical applications. And the ABE has the problems of excessive computation and storage costs. In this article, an efficient ciphertext-policy ABE scheme with policy update and file update is proposed in cloud computing. The ciphertext components generated by first encryption can be shared when the policy update and file update happens. It reduces the storage and communication costs of the client, and the computational cost of the PCSP. Moreover, the proposed scheme is proved to be secure under the assumption of decision q-parallel bilinear Diffie–Hellman exponent (BDHE). Finally, experimental simulation shows that the proposed scheme is highly efficient in terms of policy update and file update.

Zhang Wei,Zhang Zhishuo,Xiong Hu,Qin Zhiguang

DOI: https://doi.org/10.1007/s12652-021-02922-6

2021-01-01

Abstract:In recent years, attribute-based encryption (ABE) provides a new idea to help researchers solving the problem of data privacy protection in cloud. But there are two issues in traditional ABE, the first issue is that the attributes in the access structures will be sent to users in cleartext together with the ciphertext. So a attacker has the opportunity to obtain some of the private information from the plaintext access structure. And the other issue is the traditional ABE scheme cannot revoke the users' illegal keys in an efficient way. To handle both of the above challenges, we come up with a large universe ciphertext-policy ABE (CP-ABE) scheme which supports partially hidden access structures (PHAS) and highly efficient key revocation at the same time in this paper. What's more, unlike most previous schemes, first our access structure is based on the expressive linear secret sharing scheme (LSSS) which supports both AND and OR gates in access formulas and second our scheme is built from the prime-order bilinear pairing groups. The comparison with other relevant works presents that our scheme is more comprehensive and efficient. Finally we rigorously prove and analyze that our scheme is selectively indistinguishable secure under chosen plaintext attacks (IND-CPA) in the random oracle model (ROM) and our access structure is really anonymous against off-line dictionary attacks.

Hao Lin,Fei Gao,Hua Zhang,Zhengping Jin,Wenmin Li,Qiaoyan Wen

DOI: https://doi.org/10.1109/jsyst.2021.3106701

IF: 4.802

2022-03-01

IEEE Systems Journal

Abstract:In cloud storage, public key encryption with equality test (PKEET) is suitable for testing whether two ciphertexts generated from different public keys contain the same message without decryption. Recently, (Y. J. Wang et al., 2019) have proposed a public key signcryption scheme with designated equality test (PKS-DET). In this scheme, since the public key of the tester is used in the encryption, the tester needs to use its secret key to test the ciphertexts. Without trapdoor, PKS-DET prevents the attacker from testing the user's ciphertexts with the stolen trapdoor. Therefore, the privacy of the user can be protected. However, if the user in the PKS-DET wants to authorize the other tester to test his/her ciphertexts for some reason, the message needs to be encrypted again by the public key of the other tester. This will lead to higher computational complexity. Hence, the PKS-DET is not flexible to authorize multiple testers. In this article, we propose a construction of PKEET supporting flexible designated authorization (PKEET-FDA). The user in our PKEET-FDA can adaptively authorize multiple testers to test his/her ciphertexts, and each authorized tester must use its secret key to perform equality test for the ciphertexts. More importantly, the user does not need to encrypt the message repeatedly any more. We demonstrate the security of PKEET-FDA under two types of adversaries. Compared with the related efficient PKEET schemes, PKEET-FDA satisfies high efficiency from the point of view of the user. In terms of storage requirement, our construction is superior to the PKS-DET.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Runhua Xu,Bo Lang

DOI: https://doi.org/10.1504/ijcc.2015.074224

2015-01-01

International Journal of Cloud Computing

Abstract:With flexible and scalable features for fine-grained access control, ciphertext policy attribute-based encryption (CP-ABE) is widely used as a kind of data protection mechanism in cloud computing. However, the access policy of CP-ABE scheme may contain sensitive information which causes privacy revelation of the data provider or receiver. Some papers proposed hidden policy CP-ABE schemes, which were based on And-gate access structure whose expressive ability of access policy was limited. CP-ABE with the tree-based access structure has stronger expressive ability and more flexible access control capability. Therefore, it has broad application prospects compared to other mechanisms. This paper proposed a tree-based access structure CP-ABE scheme with hidden policy (CP-ABE-HP), and also proved that the scheme had chosen-plaintext attack (CPA) security. CP-ABE-HP could both protect the policy and had flexible access control capability. Then, considering the characteristics of cloud computing environment, the paper constructed a new self-contained data protection mechanism based on CP-ABE-HP, which could provide reliable and flexible security control to the data in cloud.

Bo Lang,Runhua Xu,Yawei Duan

DOI: https://doi.org/10.1007/978-3-662-44788-8_18

2014-01-01

Abstract:Self-protection capabilities of outsourced data become noteworthily important in cloud computing. Ciphertext-Policy Attribute Based Encryption (CP-ABE) can dynamically control the user group of the encrypted data by defining decryption attributes; hence has certain ability of access control. Although there are different schemes of CP-ABE, as far as we know, most of these schemes can only express simple policies with AND, OR and threshold attribute operations, which cannot support traditional access control policies. In order to effectively integrate access control with encryption to build a self-contained data protection mechanism, this paper proposed an Extended CP-ABE (ECP-ABE) scheme based on the existing CP-ABE scheme. The ECP-ABE scheme can express any Attribute Based Access Control (ABAC) policies represented by arithmetic comparison and logical expressions that involve \(NOT,<,\le ,>,\ge , [\ ], (\ ), (\ ]\) and \([\ )\) operators in addition to AND, OR and threshold operators. We prove the Chosen-plaintext Attack (CPA) security of our scheme under the Decisional Bilinear Diffie-Hellman (DBDH) assumption in the standard model, and also discuss the experimental results of the efficiency of ECP-ABE.

Xin Dong,Jiadi Yu,Yuan Luo,Yingying Chen,Guangtao Xue,Minglu Li

DOI: https://doi.org/10.1109/glocom.2013.6831152

2013-01-01

Abstract:Data sharing in the cloud, fueled by favorable cloud technology trends, has emerging as a promising pattern in regard to enabling data more accessible to users in a convenient manner. To achieve data sharing, enterprises and customers in increasing numbers keep their data stored into cloud server. In this paper, we focus on seeking a solution that allows secure and effective access to the cloud data. We propose an effective and flexible privacy-preserving data policy, P2E, utilizing ciphertext policy attribute-based encryption (CP-ABE) and combining it with technique of identity-based encryption (IBE). In addition to ensuring strong data sharing security, the policy succeeds in preserving the privacy of cloud users. Security analysis indicates that the proposed policy is security and enforces fine-grained access control and full collusion resistance simultaneously. Furthermore, our performance analysis and experimental results show that P2E is as light as possible.