Xing Zhang,Cancan Jin,Cong Li,Zilong Wen,Qingni Shen,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1007/978-3-319-28865-9_27

2015-01-01

Abstract:To ensure the security of sensitive data, people need to encrypt them before uploading them to the public storage. Attribute-based encryption (ABE) is a promising cryptographic primitive for fine-grained sharing of encrypted data. However, ABE lacks user and authority accountability. The user can share his/her secret key without being identified, while key generation center (KGC) can generate any user’s secret key. In this paper, we propose a practical large universe ciphertext-policy ABE (CP-ABE) with user and authority accountability in the white-box model. As embedding the user’s identity information into this user’s secret key directly, the trace stage has only O(1) time overhead. The property of accountability is proved against the dishonest user and KGC in the standard model. We implement our scheme in Charm. Experiments show that CP-ABE of Rouselakis and Waters in CCS 2013 is enhanced in user and authority accountability by our method with small computational cost.

Ting Guo,Abdugeni Abduxkur,Nurmamat Helil

DOI: https://doi.org/10.1049/2024/6963475

2024-06-20

IET Information Security

Abstract:Ciphertext‐policy attribute‐based encryption (CP‐ABE) is a cryptographic scheme suitable for secure data sharing on cloud storage. The CP‐ABE based on lattice theory has the property of resisting quantum attack. Some data objects uploaded to the cloud by the same data owner may cause conflicts of interest, or their combination may expose sensitive information. This paper proposes a revocable CP‐ABE scheme on the lattice, based on ring learning with error (R‐LWE) problem, to enforce access control constraints on user access to such data objects. In this scheme, first, the access policies of such data objects are amended by adding dummy attributes. Second, we control the secret key components associated with the dummy attributes or revoke the dummy attributes to prevent users from continuously accessing specific parts or all data objects from this kind of data set. Finally, we carry on the efficiency and security analysis of the scheme. The analysis results show that the scheme is efficient and safe.

computer science, information systems, theory & methods

Shida Shamsazad

2024-01-25

Abstract:In this paper, we present a novel ciphertext-policy attribute based encryption (CP-ABE) scheme that offers a flexible access structure. Our proposed scheme incorporates an access tree as its access control policy, enabling fine-grained access control over encrypted data. The security of our scheme is provable under the hardness assumption of the decisional Ring-Learning with Errors (R-LWE) problem, ensuring robust protection against unauthorized access. CP-ABE is a cryptographic technique that allows data owners to encrypt their data with access policies defined in terms of attributes. Only users possessing the required attributes can decrypt and access the encrypted data. Our scheme extends the capabilities of CP-ABE by introducing a flexible access structure based on an access tree. This structure enables more complex and customizable access policies, accommodating a wider range of real-world scenarios. To ensure the security of our scheme, we rely on the decisional R-LWE problem, a well-established hardness assumption in cryptography. By proving the security of our scheme under this assumption, we provide a strong guarantee of protection against potential attacks. Furthermore, our proposed scheme operates in the standard model, which means it does not rely on any additional assumptions or idealized cryptographic primitives. This enhances the practicality and applicability of our scheme, making it suitable for real-world deployment. We evaluate the performance and efficiency of our scheme through extensive simulations and comparisons with existing CP-ABE schemes. The results demonstrate the effectiveness and scalability of our proposed approach, highlighting its potential for secure and flexible data access control in various domains.

Cryptography and Security

Yuan,Yuan,Zhao,Zhou,Shao,Wang,Zhao

DOI: https://doi.org/10.3390/e26090729

IF: 2.738

2024-08-29

Entropy

Abstract:In recent years, research on attribute-based encryption (ABE) has expanded into the quantum domain. Because a traditional single authority can cause the potential single point of failure, an improved lattice-based quantum-resistant identity authentication and policy attribute encryption scheme is proposed, in which the generation of random values is optimized by adjusting parameters in the Gaussian sampling algorithm to improve overall performance. Additionally, in the key generation phase, attributes are processed according to their shared nature, which reduces the computational overhead of the authorization authority. In the decryption phase, the basis transformation of the Lenstra–Lenstra–Lovász (LLL) lattice reduction algorithm is utilized to rapidly convert shared matrices into the shortest vector form, which can reduce the computational cost of linear space checks. The experimental results demonstrate that the proposed method not only improves efficiency but also enhances security compared with related schemes.

physics, multidisciplinary

Fugeng Zeng ,Chunxiang Xu ,Xinpeng Zhang

DOI: https://doi.org/10.4156/aiss.vol4.issue12.23

2012-01-01

Abstract:In the ciphertext-policy ABE (CP-ABE) schemes, attributes are associated with secret keys and access structures are associated with ciphertexts. The access structures are described with the attributes and therefore the concept of CP-ABE is closely related to Role-Based Access Control. Because it requires both of the encryptor and the key generalization center meeting the construction, it will be more difficult to design. Ibraimi et al.[7] allegedly proposed an efficient and provable secure CP-ABE schemes. They require that the simulator can not send back the private keys of attributes which overlap with challenging access attributes. We point out their fault of security proof and their requirement is a small probability event and it is unreasonable to reduce to standard DBDH assumption. However, we give a proof in the generic bilinear group model, which is weaker than DBDH assumption.

Ying He,Haiyan Wang,Yuan Li,Ke Huang,Victor C. M. Leung,F. Richard Yu,Zhong Ming

DOI: https://doi.org/10.1109/jiot.2021.3099171

IF: 10.6

2022-02-15

IEEE Internet of Things Journal

Abstract:In the last few decades, ciphertext-policy attribute-based encryption (CP-ABE) technology has attracted great interest, since it can provide fine-grained, flexible, and access control for sensitive data to implement a high secure and efficient data-sharing mechanism. In this article, based on the linear secret sharing scheme (LSSS), an efficient scheme is proposed to realize a collaborative decryption function. For any user group, when the user's attribute set cannot access the ciphertext alone, the private key of other users in the same group can be used for collaborative decryption with the permission of the data owner. Our scheme uses the LSSS matrix that can significantly reduce the computation and storage overhead when comparing with the existing schemes. Then, a multiauthorization model is created based on the Bohen–Lynn–Shacham technology in order to solve the key-management issue. Finally, we implemented the specific functions of the framework through JAVA, and built a private chain to verify the feasibility of data transfer between users.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shuwei Xie,Leyou Zhang,Qing Wu,Fatemeh Rezaeibagha

DOI: https://doi.org/10.1016/j.sysarc.2024.103179

IF: 5.836

2024-05-19

Journal of Systems Architecture

Abstract:The emergence of the Internet of Medical Things (IoMT) has presented numerous opportunities for the healthcare industry. It is anticipated to enhance the quality and efficiency of medical services, thus enhancing people's overall quality of life. However, frequently occurring medical data leakage makes the protection of medical data and privacy in IoMT become a critical issue. Among the solutions, attribute-based encryption (ABE) has been a very promising solution due to its flexible and fine-grained access control to encrypted data. However, the majority of current ABE schemes are based on bilinear pairing and are vulnerable to quantum attacks. The available of multi-authority ABE schemes over lattice only support a single policy such as threshold or AND gate, and lack the ability to implement user or attribute revocation in a flexible manner. For the special algebra structure of the lattice based scheme, how to overcome them is still a challenge at present. Aiming at the above, we propose a novel multi-authority key-policy attribute based encryption (RM-KP-ABE) based on the Ring Learning With Errors (RLWE) assumption. It supports multi-valued attributes and {0,1} -LSSS access policy. This scheme allows multiple authorities to participate in key distribution and enables attribute revocation when dynamic users change their situation. {0,1} -LSSS access policy makes the proposal get highly expressive which supports any monotonic boolean formula. Security analysis and performance evaluations demonstrate that our scheme is secure and efficient.

computer science, software engineering, hardware & architecture

Shucheng Yu,Cong Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1145/1755688.1755720

2010-01-01

Abstract:Ciphertext-Policy Attribute Based Encryption (CP-ABE) is a promising cryptographic primitive for fine-grained access control of shared data. In CP-ABE, each user is associated with a set of attributes and data are encrypted with access structures on attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the ciphertext access structure. Beside this basic property, practical applications usually have other requirements. In this paper we focus on an important issue of attribute revocation which is cumbersome for CP-ABE schemes. In particular, we resolve this challenging issue by considering more practical scenarios in which semi-trustable on-line proxy servers are available. As compared to existing schemes, our proposed solution enables the authority to revoke user attributes with minimal effort. We achieve this by uniquely integrating the technique of proxy re-encryption with CP-ABE, and enable the authority to delegate most of laborious tasks to proxy servers. Formal analysis shows that our proposed scheme is provably secure against chosen ciphertext attacks. In addition, we show that our technique can also be applicable to the Key-Policy Attribute Based Encryption (KP-ABE) counterpart.

Fucai Luo,Saif Al-Kuwari,Haiyan Wang,Fuqun Wang,Kefei Chen

DOI: https://doi.org/10.1016/j.csi.2022.103698

2023-03-01

Abstract:Attribute-based encryption (ABE) is an attractive extension of public key encryption, which provides fine-grained and role-based access to encrypted data. In its key-policy flavor, the secret key is associated with an access policy and the ciphertext is marked with a set of attributes. In many practical applications, and in order to address scenarios where users become malicious or their secret keys are compromised, it is necessary to design an efficient revocation mechanism for ABE. However, prior works on revocable key-policy ABE schemes are based on classical number-theoretic assumptions, which are vulnerable to quantum attacks. In this work, we propose the first revocable key-policy ABE scheme that offers an efficient revocation mechanism while maintaining fine-grained access control to encrypted data. Our scheme is based on the learning with errors (LWE) problem, which is widely believed to be quantum-resistant. Our scheme supports polynomial-depth policy function and has short secret keys, where the size of the keys depends only on the depth of the supported policy function. Furthermore, we prove that our scheme satisfies selective revocation list security in the standard model under the LWE assumption.

computer science, software engineering, hardware & architecture

DOI: https://doi.org/10.1186/s13677-023-00414-w

2023-03-13

Journal of Cloud Computing

Abstract:Cloud file sharing (CFS) has become one of the important tools for enterprises to reduce technology operating costs and improve their competitiveness. Due to the untrustworthy cloud service provider, access control and security issues for sensitive data have been key problems to be addressed. Current solutions to these issues are largely related to the traditional public key cryptography, access control encryption or attribute-based encryption based on the bilinear mapping. The rapid technological advances in quantum algorithms and quantum computers make us consider the transition from the tradtional cryptographic primitives to the post-quantum counterparts. In response to these problems, we propose a lattice-based Ciphertext-Policy Attribute-Based Encryption(CP-ABE) scheme, which is designed based on the ring learing with error problem, so it is more efficient than that designed based on the learing with error problem. In our scheme, the indirect revocation and binary tree-based data structure are introduced to achieve efficient user revocation and dynamic management of user groups. At the same time, in order to further improve the efficiency of the scheme and realize file sharing across enterprises, the scheme also allows multiple authorities to jointly set up system parameters and manage distribute keys. Furthermore, by re-randomizing the user's private key and update key, we achieve decryption key exposure resistance(DKER) in the scheme. We provide a formal security model and a series of security experiments, which show that our scheme is secure under chosen-plaintext attacks. Experimental simulations and evaluation analyses demonstrate the high efficiency and practicality of our scheme.

Cancan Jin,Xinyu Feng,Qingni Shen

DOI: https://doi.org/10.1145/3017971.3017981

2016-01-01

Abstract:In ciphertext policy attribute-based encryption scheme, access policies are associated with ciphertext and tied to it. It is necessary to hide the access policy in the most sensitive spots such as political, medical and economic fields, that is, receiver's anonymity. In this paper, we propose an efficient CP-ABE construction with hidden policy and prove it to be fully secure under static assumptions applying the dual system encryption methodology. Access structures in our construction are AND gates on positive, negative and wildcard attributes and the ciphertext size is short, which is only concerned with the number of wildcards.

Zhaoqian Zhang,Jianbiao Zhang,Yilin Yuan,Zheng Li

DOI: https://doi.org/10.1109/jiot.2021.3117378

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:As the public cloud becomes one of the leading ways in data-sharing nowadays, data confidentiality and user privacy are increasingly critical. Partially policy-hidden ciphertext policy attribute-based encryption (CP-ABE) can effectively protect data confidentiality while reducing privacy leakage by hiding part of the access structure. However, it cannot satisfy the need of data sharing in the public cloud with complex users and large amounts of data, both in terms of less expressive access structures and limited granularity of policy hiding. Moreover, the verification of access right to shared data and correctness of decryption are ignored or conducted by an untrusted third party, and the prime-order groups are seldom considered in the expressive policy-hidden schemes. This article proposes a fully policy-hidden CP-ABE scheme constructed on linear secret sharing scheme (LSSS) access structure and prime-order groups for public cloud data sharing. To help users decrypt, hidden vector encryption (HVE) with a "convert step" is applied, which is more compatible with CP-ABE. Meanwhile, decentralized credible verification of access right to shared data and correctness of decryption based on blockchain are also provided. We prove the security of our scheme rigorously and compare the scheme with others comprehensively. The results show that our scheme performs better.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jin Li,Kui Ren,Bo Zhu,Zhiguo Wan

DOI: https://doi.org/10.1007/978-3-642-04474-8_28

2009-01-01

Abstract:As a new public key primitive, attribute-based encryption (ABE) is envisioned to be a promising tool for implementing fine-grained access control. To further address the concern of user access privacy, privacy-aware ABE schemes are being developed to achieve hidden access policy recently. For the purpose of secure access control, there is, how- ever, still one critical functionality missing in the existing ABE schemes, which is user accountability. Currently, no ABE scheme can completely prevent the problem of illegal key sharing among users. In this paper, we tackle this problem by firstly proposing the notion of accountable, anony- mous, and ciphertext-policy ABE (CP-A 3 BE, in short) and then giving out a concrete construction. We start by improving the state-of-the-art of anonymous CP-ABE to obtain shorter public parameters and ciphertext length. In the proposed CP-A 3 BE construction, user accountability can be achieved in black-box model by embedding additional user-specific information into the attribute private key issued to that user, while still maintaining hidden access policy. The proposed constructions are prov- ably secure.

Meiyan Xiao,Hongbo Li,Qiong Huang,Shui Yu,Willy Susilo

DOI: https://doi.org/10.1109/tifs.2022.3173412

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Attribute-based encryption scheme is a promising mechanism to realize one-to-many fine-grained access control which strengthens the security in cloud computing. However, massive amounts of data and various data sharing requirements bring great challenges to the complex but isolated and fixed access structures in most of the existing attribute-based encryption schemes. In this paper, we propose an attribute-based hierarchical encryption scheme with extendable policy, called Extendable Hierarchical Ciphertext-Policy Attribute-Based Encryption (EH-CP-ABE), to improve the data sharing efficiency and security simultaneously. The scheme realizes the function of hierarchical encryption, in which, data with hierarchical access control relationships could be encrypted together flexibly to improve the efficiency. The scheme also achieves external and internal extension of the access structure to further encrypt newly added hierarchical data without updating the original ciphertexts or with only a minor update depending on the data sharing requirements, which simplifies the encryption process and greatly reduces the computation overhead. We formally prove the security of the scheme is IND-CCA secure in the random oracle model based on bilinear Diffie-Hellman assumption, and we also implement our scheme to demonstrate its efficiency and practicality.

Kaiping Xue,Na Gai,Jianan Hong,David S. L. Wei,Peilin Hong,Nenghai Yu

DOI: https://doi.org/10.1109/tdsc.2020.2987903

2022-01-01

Abstract:Under the assumption of honest-but-curious cloud service provider, various cryptographic techniques have been used to address the issues of data access control and confidentiality in public cloud storage. Among which, attribute-based encryption (ABE) has been shown to be an attractive scheme. Although the technique of ABE brings in various benefits, its onerous overhead should not be ignored. In this article, based on an improved LSSS (linear secret sharing scheme) matrix expression integrated in CP-ABE (Ciphertext-Policy Attribute-Based Encryption) algorithm, we present an efficient and secure attribute-based access control scheme for the scenarios where multiple data are shared and encrypted with frequently used sub-policies. In the scheme, a user can store the parameters about a specific sub-policy in his/her first decryption, which can be reused in the subsequent data decryptions whose embedded access policies include the same sub-policy so as to significantly reduce the computation cost. Our proposed scheme is proved to be semantically secure under chosen plaintext attacks and can well preserve the confidentiality of the data sharing system. Our analysis and experimentation also show that our scheme does significantly reduce the decryption time and while trades in only very little storage overhead, and thus effectively promotes the efficiency.

Xuanmei Qin,Yongfeng Huang,Zhen Yang,Xing Li

DOI: https://doi.org/10.1016/j.sysarc.2020.101854

IF: 5.836

2021-01-01

Journal of Systems Architecture

Abstract:Ciphertext-policy attribute-based encryption(CP-ABE) has been widely studied and used in access control schemes for secure data sharing. Since in most of the existing attribute-based encryption methods, all user attributes are managed by a single central authority, it is easy to cause a single point of failure. Therefore, several multi-authority CP-ABE schemes are proposed to manage user attributes by multiple authorities. However, these schemes still do not eliminate the single point of failure in essence or suffer from high computation and communication overhead on data users. In this paper, we propose a Blockchain-based Multi-authority Access Control scheme called BMAC for sharing data securely. Shamir secret sharing scheme and permissioned blockchain (Hyperledger Fabric) are introduced to implement that each attribute is jointly managed by multiple authorities to avoid single point of failure. In addition, we take advantage of blockchain technology to establish trust among multiple authorities and exploit smart contracts to compute tokens for attributes managed across multiple management domains, which reduces communication and computation overhead on the data user side. Moreover, blockchain helps to record the access control process in a secure and auditable way. Finally, we analyze the security of the proposed algorithm. Further analysis and comparison show the performance of the proposed method.

Cong Li,Qingni Shen,Zhikang Xie,Xinyu Feng,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1093/comjnl/bxaa075

2021-01-01

The Computer Journal

Abstract:Attribute-based encryption with equality test (ABEET) simultaneously supports fine-grained access control on the encrypted data and plaintext message equality comparison without decrypting the ciphertexts. Recently, there have been several literatures about ABEET proposed. Nevertheless, most of them explore the ABEET schemes in the random oracle model, which has been pointed out to have many defects in practicality. The only existing ABEET scheme in the standard model, proposed by Wang et al., merely achieves the indistinguishable against chosen-plaintext attack security. Considering the aforementioned problems, in this paper, we propose the first direct adaptive chosen-ciphertext security ciphertext-policy ABEET scheme in the standard model. Our method only adopts a chameleon hash function and adds one dummy attribute to the access structure. Compared with the previous works, our scheme achieves the security improvement, ciphertext validity check and large universe. Besides, we further optimize our scheme to support the outsourced decryption. Finally, we first give the detailed theoretical analysis of our constructions in computation and storage costs, then we implement our constructions and carry out a series of experiments. Both results indicate that our constructions are more efficient in Setup and Trapdoor and have the shorter public parameters than the existing ABEET ones do.

XiaoFang Huang,Qi Tao,BaoDong Qin,ZhiQin Liu

DOI: https://doi.org/10.1109/icccn.2015.7288431

2015-01-01

Abstract:Attribute Based Encryption (ABE) scheme can achieve information sharing of one-to-many users, without considering the number of users and the users identity. But, the traditional single Attribute Authority (AA) ABE scheme can hardly meet requirements of different agencies in distributed application environment and it is easy to form the system performance bottlenecks. Based on ciphertext-policy ABE scheme, this paper proposes a multi-authority revocable ABE scheme, where the classification manages user attributes, effectively relieving the management burden of single organization. In addition, it can achieve fine grained access control of shared information by adopting tree access strategy and secret sharing scheme, and support system attribute revocation. Finally, we show that the scheme is secure against chosen plaintext attack under the Decisional Bilinear Diffie-Hellman (DBDH) assumption.

A. Balu,K. Kuppusamy

DOI: https://doi.org/10.48550/arXiv.1011.0527

2010-11-02

Abstract:In Ciphertext Policy Attribute based Encryption scheme, the encryptor can fix the policy, who can decrypt the encrypted message. The policy can be formed with the help of attributes. In CP-ABE, access policy is sent along with the ciphertext. We propose a method in which the access policy need not be sent along with the ciphertext, by which we are able to preserve the privacy of the encryptor. The proposed construction is provably secure under Decision Bilinear Diffe-Hellman assumption.

Cryptography and Security

Cong Li,Qingni Shen,Zhikang Xie,Jisheng Dong,Xinyu Feng,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1016/j.ins.2022.08.014

IF: 8.1

2022-01-01

Information Sciences

Abstract:Hierarchical-authority attribute-based encryption (HABE) can resolve the performance bottleneck of the key generation center in the traditional attribute-based encryption (ABE) system. HABE has numerous applications, such as cloud computing and smart grid systems. Nevertheless, almost all of the existing HABE schemes are in the ciphertext-policy setting and do not support non-monotonic access structures. In this work, we propose the first key-policy hierarchical-authority ABE with non-monotonic access structures, dubbed KP-HABE-NMaCS, which supports the authority key delegation, constant size ciphertexts and the large universe simultaneously. We further define the security model of KP-HABE-NMaCS and prove the selective security of it in the standard model. Then we optimize our scheme to realize the outsourced decryption. Subsequently, we present the detailed theoretical analysis of our constructions and the existing HABE constructions in computation and storage costs, and meanwhile implement ours and conduct a series of experiments. Both results indicate that our KP-HABE-NMaCS construction makes improvements in expressiveness and features, and achieves efficiency comparable to the previous HABE constructions. Furthermore, they also show that our extension construction is suitable for resource-limited applications. Eventually, we explore how to apply our KP-HABE-NMaCS to build an ABE with equality test and time-based authorization.