Sheng Ding,Chen Li,Hui Li

DOI: https://doi.org/10.1109/access.2018.2836350

IF: 3.9

2018-01-01

IEEE Access

Abstract:Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic technique that integrates data encryption with access control for ensuring data security in IoT systems. However, the efficiency problem of CP-ABE is still a bottleneck limiting its development and application. A widespread consensus is that the computation overhead of bilinear pairing is excessive in the practical application of ABE, especially for the devices or the processors with limited computational resources and power supply. In this paper, we proposed a novel pairing-free data access control scheme based on CP-ABE using elliptic curve cryptography, abbreviated PF-CP-ABE. We replace complicated bilinear pairing with simple scalar multiplication on elliptic curves, thereby reducing the overall computation overhead. And we designed a new way of key distribution that it can directly revoke a user or an attribute without updating other users' keys during the attribute revocation phase. Besides, our scheme use linear secret sharing scheme access structure to enhance the expressiveness of the access policy. The security and performance analysis show that our scheme significantly improved the overall efficiency as well as ensured the security.

Jianqiang Li,Shulan Wang,Yuan Li,Haiyan Wang,Huiwen Wang,Huihui Wang,Jianyong Chen,Zhuhong You

DOI: https://doi.org/10.1109/tii.2019.2931156

IF: 12.3

2019-01-01

IEEE Transactions on Industrial Informatics

Abstract:Recently, more and more users and enterprises have entrusted data storage and platform construction to proxy cloud service provider (PCSP) through cloud technology. Under this background, the attribute-based encryption (ABE) mechanism is an alternative to fill the drawbacks of the traditional encryption through flexible fine-grained access policy and collusion prevention. However, there exist some security issues when the access policy and file need to be updated in practical applications. And the ABE has the problems of excessive computation and storage costs. In this article, an efficient ciphertext-policy ABE scheme with policy update and file update is proposed in cloud computing. The ciphertext components generated by first encryption can be shared when the policy update and file update happens. It reduces the storage and communication costs of the client, and the computational cost of the PCSP. Moreover, the proposed scheme is proved to be secure under the assumption of decision q-parallel bilinear Diffie–Hellman exponent (BDHE). Finally, experimental simulation shows that the proposed scheme is highly efficient in terms of policy update and file update.

Chanying Huang,Kedong Yan,Songjie Wei,Gongxuan Zhang,Dong Hoon Lee

DOI: https://doi.org/10.1109/pic.2017.8359555

2017-01-01

Abstract:Cloud computing is a revolutionary information technology paradigm, which provides users with unlimited, s-calale, low-cost and convenient resource services, but when data is outsourced to a semi-trusted cloud server, challenging security issues such as user privacy, access control, etc. still urgently need to be addressed. Attribute-based encryption (ABE) scheme can provide sufficient data security and fine-grained access control for cloud data. However, the limitation of ABE is that user's privacy would be disclosed with the access policy (structure) stored in clear text. Some works sacrificed the computing efficiency, key length or ciphertext size for privacy concerns. To overcome these problems, this paper proposes an efficient anonymous attribute-based encryption scheme with access policy hidden. Using the idea of Boolean equivalent transformation, the proposed scheme can achieve fast encryption and protect the privacy for both data owner and legitimate access user. In addition, the proposed scheme can satisfy constant secret key length and reasonable size of ciphertext requirements. We conduct theoretical security analysis, and carry out experiments to prove that the proposed scheme has good performance in terms of computational, communication and storage overheads.

Chong Guo,Bei Gong,Muhammad Waqas,Hisham Alasmary,Shanshan Tu,Sheng Chen

DOI: https://doi.org/10.3390/s24216843

IF: 3.9

2024-10-25

Sensors

Abstract:The Internet of Things (IoT) is a heterogeneous network composed of numerous dynamically connected devices. While it brings convenience, the IoT also faces serious challenges in data security. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptography method that supports fine-grained access control, offering a solution to the IoT's security issues. However, existing CP-ABE schemes are inefficient and unsuitable for IoT devices with limited computing resources. To address this problem, this paper proposes an efficient pairing-free CP-ABE scheme for the IoT. The scheme is based on lightweight elliptic curve scalar multiplication and supports multi-authority and verifiable outsourced decryption. The proposed scheme satisfies indistinguishability against chosen-plaintext attacks (CPA) under the elliptic curve decisional Diffie–Hellman (ECDDH) problem. Performance analysis shows that our proposed scheme is more efficient and better suited to the IoT environment compared to existing schemes.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Chunqiang Hu,Yan Huo,Liran Ma,Hang Liu,Shaojiang Deng,Liping Feng

DOI: https://doi.org/10.1007/978-3-319-60033-8_41

2017-01-01

Abstract:The concept of Smart Grid gains tremendous attention amongst researchers and utility providers in recent years. One of the challenges is to establish a secure communication architecture among smart meters, utility companies, and third-party service providers, whilst address the prevalent security and privacy concerns. In this paper, we propose a communication architecture for smart grids, and design a scheme to secure the data communications among smart meters, utility companies, and third-party service providers by employing Decentralized Ciphertext-Policy Attribute Based Encryption (CP ABE) to store the data in ciphertext format, hence ensuring data security. The architecture we proposed is high scalable since the decentralized feature. Also, our architecture achieves an role-based access control by employing an access control LSSS matrix that describes the attributes required to access the data. We analyze the proposed scheme, and argue that it provides message authenticity and collusion resistance, and is efficient and feasible.

Rui Cheng,Kehe Wu,Yuling Su,Wei Li,Wenchao Cui,Jie Tong

DOI: https://doi.org/10.3390/pr9071176

IF: 3.5

2021-07-06

Processes

Abstract:The rapid development of the power Internet of Things (IoT) has greatly enhanced the level of security, quality and efficiency in energy production, energy consumption, and related fields. However, it also puts forward higher requirements for the security and privacy of data. Ciphertext-policy attribute-based encryption (CP-ABE) is considered a suitable method to solve this issue and can implement fine-grained access control. However, its internal bilinear pairing operation is too expensive, which is not suitable for power IoT with limited computing resources. Hence, in this paper, a novel CP-ABE scheme based on elliptic curve cryptography (ECC) is proposed, which replaces the bilinear pairing operation with simple scalar multiplication and outsources most of the decryption work to edge devices. In addition, time and location attributes are combined in the proposed scheme, allowing the data users to access only within the range of time and locations set by the data owners to achieve a more fine-grained access control function. Simultaneously, the scheme uses multiple authorities to manage attributes, thereby solving the performance bottleneck of having a single authority. A performance analysis demonstrates that the proposed scheme is effective and suitable for power IoT.

engineering, chemical

Guangcan Yang,Peixuan Li,Ke Xiao,Yunhua He,Gang Xu,Chao Wang,Xiubo Chen

DOI: https://doi.org/10.3390/electronics12204237

IF: 2.9

2023-01-01

Electronics

Abstract:As an increasing number of people and corporations move their data to the cloud side, how to ensure efficient and secure access to data stored on the cloud side has become a key focus of current research. Attribute-Based Encryption (ABE) is largely recognized as the best access control method for safeguarding the cloud storage environment, and numerous solutions based on ABE have been developed successively. However, the majority of current research is conducted within a single cloud provider, and only the limited number of schemes for the multi-cloud environment also fail to support the data security classification on the cloud side. Therefore, we propose an efficient attribute-based encryption scheme with data security classification in the multi-cloud environment. In our scheme, the data owner’s data are divided into two security levels and stored in different cloud providers, which improves the security of outsourcing data. Moreover, based on Ciphertext-Policy Attribute-Based Encryption (CP-ABE), our scheme can not only provide a fine-grained access control for the data user, but also completely exploit the cloud side to facilitate outsourcing decryption to lighten the data user’s computing load. The security analysis showed that our scheme is effective against selective-attribute plaintext attack, as well as protects the privacy of the data. The experimental results also demonstrated that the computational overhead is obviously less than other existing schemes.

Hao Wang,Zhihua Zheng,Yilei Wang

DOI: https://doi.org/10.1504/ijguc.2017.10008770

2017-01-01

International Journal of Grid and Utility Computing

Abstract:Attribute-Based Encryption (ABE) is a useful encryption method that allows users to encrypt messages based on their attributes. However, the computational cost of ABE system is very high, because it often scales with the number of attributes. This makes ABE difficult to apply in practice. In this paper, we use the cloud computing technology as well as pre-computing technology to solve this problem, and introduce the cloud-aided online/offline ciphertext-policy ABE system. In this system, Private Key Generator (PKG) could per-compute intermediate keys offline before online key generation phase, encryptor could pre-compute intermediate ciphertexts offline before online encryption phase, and decryptor could call their cloud computing servers to transform the ciphertexts to the partially decrypted ciphertexts before decryption phase. This greatly reduces the local computational cost of these three phases. It is significant for mobile devices to use ABE. Then, we propose a specific scheme, and prove its adaptive security in the standard model. Finally, we introduce how to deploy our new scheme in the mobile cloud computing environment.

Yinghui Zhang,Dong Zheng,Xiaofeng Chen,Jin Li,Hui Li

DOI: https://doi.org/10.1016/j.pmcj.2015.06.009

IF: 3.848

2016-01-01

Pervasive and Mobile Computing

Abstract:Ciphertext-policy attribute-based encryption (CP-ABE) is extremely suitable for cloud computing environment in that it enables data owners to make and enforce access policies themselves. However, most of existing CP-ABE schemes suffer severe efficiency drawbacks due to large ciphertext size and computation cost, and hence are not suitable for mobile clouds, where users are usually resource-limited. In this paper, we first present a generic attribute-based data sharing system based on a hybrid mechanism of CP-ABE and a symmetric encryption scheme. Then, we propose a CP-ABE scheme which features constant computation cost and constant-size ciphertexts. The proposed CP-ABE scheme is proven selective-secure in the random oracle model under the decision n -BDHE assumption, where n represents the total number of attributes in universe. It can efficiently support AND-gate access policies with multiple attribute values and wildcards. Theoretical analysis and experimental results indicate that the proposed scheme is extremely suitable for data sharing in mobile clouds.

Yang Chen,Wenmin Li,Fei Gao,Wei Yin,Kaitai Liang,Hua Zhang,Qiaoyan Wen

DOI: https://doi.org/10.1093/comjnl/bxz052

2019-01-01

Abstract:Online data sharing has become a research hotspot while cloud computing is getting more and more popular. As a promising encryption technique to guarantee the security shared data and to realize flexible fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has drawn wide attentions. However, there is a drawback preventing CP-ABE from being applied to cloud applications. In CP-ABE, the access structure is included in the ciphertext, and it may disclose user's privacy. In this paper, we find a more efficient method to connect ABE with inner product encryption and adopt several techniques to ensure the expressiveness of access structure, the efficiency and security of our scheme. We are the first to present a secure, efficient fine-grained access control scheme with hidden access structure, the access structure can be expressed as AND-gates on multi-valued attributes with wildcard. We conceal the entire attribute instead of only its values in the access structure. Besides, our scheme has obvious advantages in efficiency compared with related schemes. Our scheme can make data sharing secure and efficient, which can be verified from the analysis of security and performance.

Miao Wang,Zhenfu Cao,Xiaolei Dong,Runmeng Du,Jiasheng Chen

DOI: https://doi.org/10.1109/jiot.2024.3470322

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:In the distributed computing environment, it is important to efficiently achieve secure access to data. One of the widely applied encryption mechanisms is the multi-authority attribute-based encryption. However, most existing multi-authority setting schemes were relied on bilinear pairings, which causes the system to bear a relatively large burden in computation overhead. In this paper, we proposes a decentralized multi-authority key-policy attribute-based encryption scheme without bilinear pairings, its security is relied solely on the decisional Diffie-Hellman assumption. It removes the trusted central authority and prevents user collusion attacks. Except for the global coordination between the attribute authorities, any party can simply play the part of a standard attribute authority by generating public keys and issuing corresponding decryption key components for users. The proposed scheme provides heightened security and efficiency compared to the current pairing-free multi-authority ABE scheme, as well as superior computational efficiency when compared to those utilizing bilinear pairings.

Ningyu Chen,Jiguo Li,Yichen Zhang,Yuyan Guo

DOI: https://doi.org/10.1109/tc.2020.3043950

IF: 3.183

2022-01-01

IEEE Transactions on Computers

Abstract:Attribute-based encryption (ABE) is a preferred technology used to access control the data stored in the cloud servers. However, in many cases, the authorized decryption user may be unable to decrypt the ciphertext in time for some reason. To be on the safe side, several alternate users are delegated to cooperate to decrypt the ciphertext, instead of one user doing that. We provide a ciphertext-policy ABE scheme with shared decryption in this article. An authorized user can recover the messages independently. At the same time, these alternate users (semi-authorized users) can work together to get the messages. We also improve the basic scheme to ensure that the semi-authorized users perform the decryption tasks honestly. An integrated access tree is used to improve the efficiency for our scheme. The new scheme is proved CPA-secure in the standard model. The experimental result shows that our scheme is very efficient on both computational overhead and storage cost.

engineering, electrical & electronic,computer science, hardware & architecture

Hao Wang,Bo Yang,Yilei Wang

DOI: https://doi.org/10.1109/waina.2015.11

2015-01-01

Abstract:Attribute-based encryption (ABE) is a type of public key encryption that allows users to encrypt and decrypt messages based on user attributes. One drawback is that encryption and decryption computational costs scale with the complexity of the access policy or number of attributes. In practice, this makes encryption and decryption a possible bottleneck for some applications. In this work, we aim to mitigate this problem for cipher text-policy ABE (CP-ABE). We introduce the serve raided CP-ABE (SA-CP-ABE) system. In this system, users can precompute an intermediate cipher text before actual encryption to improve efficiency, and stores it on its storage server. Before decryption, user can call its computing server to transform the ciphertext to the partially decrypted ciphertext. This is significant for mobile devices to save local storage resources and computational resources. Then, we propose an SA-CP-ABE scheme, and prove its security in the standard model.

Qian He,Ning Zhang,Yongzhuang Wei,Yan Zhang

DOI: https://doi.org/10.1016/j.comnet.2018.01.038

IF: 5.493

2018-01-01

Computer Networks

Abstract:Protecting data in Cyber-Physical Systems (CPS) has been a longstanding challenge. The tradition Attribute Based Encryption (ABE) is known for its high computation load which creates a significant challenge for resource constrained mobile devices. In this paper, we propose a Lightweight Attribute Based Encryption Scheme (LABE) for mobile cloud-assisted CPS based on a proxy service architecture and a new ciphertext policy ABE. In particular, mobile devices will solely perform symmetric encryption by joining authentication and encryption proxy services encapsulated in RESTful. Encryption shall not need pairing and then ciphertext can be decrypted with one pairing. Security analysis shows that the proposed LABE is secure with fine grained access control and users revocation capability. The computation complexity shows that the proposed scheme imposes low overhead on mobile devices and performs very well in mobile cloud-assisted CPS.

Kaiping Xue,Na Gai,Jianan Hong,David S. L. Wei,Peilin Hong,Nenghai Yu

DOI: https://doi.org/10.1109/tdsc.2020.2987903

2022-01-01

Abstract:Under the assumption of honest-but-curious cloud service provider, various cryptographic techniques have been used to address the issues of data access control and confidentiality in public cloud storage. Among which, attribute-based encryption (ABE) has been shown to be an attractive scheme. Although the technique of ABE brings in various benefits, its onerous overhead should not be ignored. In this article, based on an improved LSSS (linear secret sharing scheme) matrix expression integrated in CP-ABE (Ciphertext-Policy Attribute-Based Encryption) algorithm, we present an efficient and secure attribute-based access control scheme for the scenarios where multiple data are shared and encrypted with frequently used sub-policies. In the scheme, a user can store the parameters about a specific sub-policy in his/her first decryption, which can be reused in the subsequent data decryptions whose embedded access policies include the same sub-policy so as to significantly reduce the computation cost. Our proposed scheme is proved to be semantically secure under chosen plaintext attacks and can well preserve the confidentiality of the data sharing system. Our analysis and experimentation also show that our scheme does significantly reduce the decryption time and while trades in only very little storage overhead, and thus effectively promotes the efficiency.

Jing Wang,Chuanhe Huang,Neal N. Xiong,Jinhai Wang

DOI: https://doi.org/10.1016/j.ins.2017.09.032

IF: 8.1

2017-01-01

Information Sciences

Abstract:Cloud provides outsourced storage services in a cost-effective manner. A key challenge of cloud storage is the security and privacy of outsourced data. A security mechanism known as attribute-based encryption (ABE) represents the state-of-the-art in providing fine-grained access control for cloud storage. The managing of access policy is a critical issue of ABE. Policy managing may incur substantial computation and communication overhead in the ABE scheme with unscalable access policy. In this work, we firstly propose a form of scalable access policy named blocked linear secret sharing scheme (BLSSS). The scalability of BLSSS provides efficient policy managing interface for ABE scheme. Then, we propose a scalable ciphertext-policy attribute-based encryption (SCP-ABE) scheme which uses BLSSS as access policy. Significantly, the proposed SCP-ABE is low-cost in computation and communication during policy managing. Furthermore, sufficient simulation experiments demonstrate that SCP-ABE outperforms most existing ABE schemes in terms of policy managing. (C) 2017 Elsevier Inc. All rights reserved.

Yinghui Zhang,Robert H. Deng,Shengmin Xu,Jianfei Sun,Qi Li,Dong Zheng

DOI: https://doi.org/10.1145/3398036

IF: 16.6

2021-07-31

ACM Computing Surveys

Abstract:Attribute-based encryption (ABE) for cloud computing access control is reviewed in this article. A taxonomy and comprehensive assessment criteria of ABE are first proposed. In the taxonomy, ABE schemes are assorted into key-policy ABE (KP-ABE) schemes, ciphertext-policy ABE (CP-ABE) schemes, anti-quantum ABE schemes, and generic constructions. In accordance with cryptographically functional features, CP-ABE is further divided into nine subcategories with regard to basic functionality, revocation, accountability, policy hiding, policy updating, multi-authority, hierarchy, offline computation, and outsourced computation. In addition, a systematical methodology for discussing and comparing existing ABE schemes is proposed. For KP-ABE and each type of CP-ABE, the corresponding access control scenario is presented and explained by concrete examples. Specifically, the syntax of ABE is given followed by the adversarial model and security goals. ABE schemes are discussed according to the design strategies and special features and are compared in the light of the proposed assessment criteria with respect to security and performance. Compared to related state-of-the-art survey papers, this article not only provides a broader 12 categories of ABE schemes, but also makes a more comprehensive and holistic comparison. Finally, a number of open research challenges in ABE are pointed out.

computer science, theory & methods

Yinghui Zhang,Dong Zheng,Xiaofeng Chen,Jin Li,Hui Li

DOI: https://doi.org/10.1007/978-3-319-12475-9_18

2014-01-01

Abstract:Ciphertext-policy attribute-based encryption (CP-ABE) is extremely suitable for cloud computing environment in that it enables data owners to make and enforce access policies themselves. However, most of the existing CP-ABE schemes suffer severe efficiency drawbacks due to large computation cost and ciphertext size, both of which linearly increase with the complexity of access policies. Aiming at tackling the challenge above, in this paper, we propose a CP-ABE scheme which features constant computation cost and constant-size ciphertexts. The proposed CP-ABE scheme is proven selective-secure in the random oracle model under the decision n-Bilinear Diffie-Hellman Exponent (n-BDHE) assumption, where n represents the total number of attributes in universe. In particular, the proposed scheme can efficiently support AND-gate access policies with multiple attribute values and wildcards. Performance comparisons indicate that the proposed CP-ABE scheme is promising in real-world applications, especially for the scenarios where computation and bandwidth issues are major concerns.

Jinnan Zhang,Qinghua Gong,Zheng Wei,Xinmin Wang,Xin Yan,Xia Zhang

DOI: https://doi.org/10.1109/ICCSNT56096.2022.9972943

2022-01-01

Abstract:Attribute-based encryption (ABE) is a popular cryptographic technology to guarantee data security in the Internet of things (IoTs). However, the single attribute authorization in traditional ABE scheme is tasked with costly calculations, which will become a bottleneck in IoTs. Besides, access policy in a plaintext form may reveal personal information. In addition, data owners need to have flexibility to change access policy. In this paper, we propose a multi-authorization attribute encryption scheme that supports policy hiding, policy updating and ciphertext validation. In our scheme, the computational cost of ciphertext decryption is constant, which reduces computational overhead and storage usage. Security analyses prove that our scheme realizes the security in static security model and anti-collusion attack model. Finally, we demonstrate that the performance of the scheme is more efficient than previous ABE schemes.

Hanshu Hong,Zhixin Sun

DOI: https://doi.org/10.1186/s40064-016-1765-9

2016-02-19

SpringerPlus

Abstract:AbstractAttribute based encryption (ABE) has been widely applied for secure data protection in various data sharing systems. However, the efficiency of existing ABE schemes is not high enough since running encrypt and decrypt algorithms need frequent bilinear pairing operations, which may occupy too much computing resources on terminal devices. What’s more, since different users may share the same attributes in the system, a single user’s private key exposure will threaten the security and confidentiality of the whole system. Therefore, to further decrease the computation cost in attribute based cryptosystem as well as provide secure protection when key exposure happens, in this paper, we firstly propose a high efficient key-insulated ABE algorithm without pairings. The key-insulated mechanism guarantees both forward security and backward security when key exposure or user revocation happens. Besides, during the running of algorithms in our scheme, users and attribute authority needn’t run any bilinear pairing operations, which will increase the efficiency to a large extent. The high efficiency and security analysis indicate that our scheme is more appropriate for secure protection in data sharing systems.