Abstract:In recent years, to address the security defect that the explicit attribute values in access policies may reveal the privacy, a new variant of ciphertext-policy attribute-based encryption(CP-ABE)——hidden policy CP-ABE (HP-CP-ABE) is proposed in some recent works. But there are two tremendous flaws in most existing HP-CP-ABE schemes. The one issue is that an attacker can launch the attribute values guessing attacks (AVGA) to detect the attribute values in access policies of many HP-CP-ABE schemes. And another issue is that, if the HP-CP-ABE schemes are using the “Linear Secret Sharing Schemes (LSSS)” as their access structures, as the rows of the LSSS matrix grows, the time complexity of the decryption testing algorithm will boost rapidly which will greatly aggravate the computing burden of the user. So in this paper, we propose a partially HP-CP-ABE (PHP-CP-ABE) scheme which can perfectly withstand the attribute values guessing attacks (AVGA). As our access structure is using the LSSS, to alleviate the computing burden of the user, we design a online privacy-protective decryption testing algorithm for the users to privately and securely outsource the decryption testing phase to the cloud server. Our online testing algorithm is privacy-protective which means during running the privacy-protective decryption testing algorithm, the cloud server has no chance to know anything about the attribute values in the access policy and the attribute values of the user. This will prevent the privacy from leaking out to the third party cloud server. Then we rigorously prove that our scheme is selectively indistinguishable secure under chosen plaintext attacks (IND-CPA). Next, by reduction to the computational q-PBDHE assumption which is firstly proposed in our paper, we prove that our HP-CP-ABE scheme is indistinguishable secure under the attribute values guessing attacks (IND-AVGA). Finally through the comparison with the state-of-art HP-CP-ABE schemes from the perspective of functionality and efficiency, it is easily to observe that our scheme has high-security and high-efficiency. In appendix, we give a straightaway analysis to some relevant works to point out the security vulnerabilities in their schemes.

A Partially Hidden Policy CP-ABE Scheme Against Attribute Values Guessing Attacks with Online Privacy-Protective Decryption Testing in IoT Assisted Cloud Computing.

A Lightening Fine-grained Access Control Scheme Supporting Full Policy Hiding in Cloud Storage

A Lightweight Attribute-Based Access Control Scheme for Intelligent Transportation System With Full Privacy Protection

An Expressive Fully Policy-Hidden Ciphertext Policy Attribute-Based Encryption Scheme with Credible Verification Based on Blockchain

Achieving privacy-preserving sensitive attributes for large universe based on private set intersection

Fine-grained Data Access Control with Attribute-Hiding Policy for Cloud-Based IoT.

A Lightweight Access Control Scheme Supporting Policy Hidden Based on Path Bloom Filter.

HUAP: Practical Attribute-based Access Control Supporting Hidden Updatable Access Policies for Resource-Constrained Devices

EVOAC-HP: An Efficient and Verifiable Outsourced Access Control Scheme with Hidden Policy

Efficient and Secure Attribute-Based Access Control with Identical Sub-Policies Frequently Used in Cloud Storage

Outsourced Ciphertext-Policy Attribute-Based Encryption with Equality Test.

Security Analysis for a Ciphertext-Policy Attribute-Based Encryption Scheme

Efficient CP-ABE Scheme With Shared Decryption in Cloud Storage

Attribute Based Encryption with Privacy Protection and Accountability for CloudIoT

Quantum Resistant Ciphertext-Policy Attribute-Based Encryption Scheme with Flexible Access Structure

Attribute Based Data Sharing with Attribute Revocation.

Ciphertext-Policy Attribute-Based Encrypted Data Equality Test and Classification.

POSTER: Ciphertext-Policy Attribute-Based Encryption Method with Secure Decryption Key Generation and Outsourcing Decryption of ABE Ciphertexts

Privacy-Aware Attribute-Based Encryption with User Accountability

Efficient Revocable Storage Attribute-based Encryption with Arithmetic Span Programs in Cloud-assisted Internet of Things

Towards Efficient Sharing of Encrypted Data in Cloud-Based Mobile Social Network