Zhongxiang He,Yuling Chen,Yun Luo,Lingyun Zhang,Yingying Tang

DOI: https://doi.org/10.3390/e26010045

IF: 2.738

2024-01-01

Entropy

Abstract:The emerging cloud storage technology has significantly improved efficiency and productivity in the traditional electronic healthcare field. However, it has also brought about many security concerns. Ciphertext policy attribute-based encryption (CP-ABE) holds immense potential in achieving fine-grained access control, providing robust security for electronic healthcare data in the cloud. However, current CP-ABE schemes still face issues such as inflexible attribute revocation, relatively lower computational capabilities, and key management. To address these issues, this paper introduces a revocable and traceable undeniable ciphertext policy attribute-based encryption scheme (MA-RUABE). MA-RUABE not only enables fast and accurate data traceability, effectively preventing malicious user key leakage, but also includes a direct revocation feature, significantly enhancing computational efficiency. Furthermore, the introduction of a multi-permission mechanism resolves the issue of centralization of power caused by single-attribute permissions. Furthermore, a security analysis demonstrates that our system ensures resilience against chosen plaintext attacks. Experimental results demonstrate that MA-RUABE incurs lower computational overhead, effectively enhancing system performance and ensuring data-sharing security in cloud-based electronic healthcare systems.

physics, multidisciplinary

Peng Li,Dehua Zhou,Haobin Ma,Junzuo Lai

DOI: https://doi.org/10.1016/j.sysarc.2023.103033

IF: 5.836

2023-11-27

Journal of Systems Architecture

Abstract:With the rapid development of the healthcare industry, many Electronic Health Records (EHRs) have emerged in different healthcare centers. However, lots of personal medical data are stored directly in plaintext at a single healthcare center, which makes it suffer from the single point of failure and brings many security and privacy issues such as privacy information leakage or tampering. The combination of blockchain and attributed-based cryptography can effectively solve the above problems. Therefore, in order to enable flexible fine-grained access control and efficient data retrieval while achieving privacy protection, we employ the ciphertext-policy attributed-based encryption (CP-ABE) and ciphertext-policy attribute-based searchable encryption (CP-ABSE) to propose a hidden policy attribute-based access control scheme. In addition, we combine consortium blockchain and smart contract to provide secure and reliable search and outsourcing decryption. Finally, through the security analysis and experimental results, we demonstrate that our scheme is secure and efficient.

computer science, software engineering, hardware & architecture

Ming Li,Shucheng Yu,Yao Zheng,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tpds.2012.97

IF: 5.3

2013-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Personal health record (PHR) is an emerging patient-centric model of health information exchange, which is often outsourced to be stored at a third party, such as cloud providers. However, there have been wide privacy concerns as personal health information could be exposed to those third party servers and to unauthorized parties. To assure the patients' control over access to their own PHRs, it is a promising method to encrypt the PHRs before outsourcing. Yet, issues such as risks of privacy exposure, scalability in key management, flexible access, and efficient user revocation, have remained the most important challenges toward achieving fine-grained, cryptographically enforced data access control. In this paper, we propose a novel patient-centric framework and a suite of mechanisms for data access control to PHRs stored in semitrusted servers. To achieve fine-grained and scalable data access control for PHRs, we leverage attribute-based encryption (ABE) techniques to encrypt each patient's PHR file. Different from previous works in secure data outsourcing, we focus on the multiple data owner scenario, and divide the users in the PHR system into multiple security domains that greatly reduces the key management complexity for owners and users. A high degree of patient privacy is guaranteed simultaneously by exploiting multiauthority ABE. Our scheme also enables dynamic modification of access policies or file attributes, supports efficient on-demand user/attribute revocation and break-glass access under emergency scenarios. Extensive analytical and experimental results are presented which show the security, scalability, and efficiency of our proposed scheme.

Redwan Walid,Karuna Pande Joshi,Seung Geol Choi

DOI: https://doi.org/10.1038/s41598-024-57692-w

IF: 4.6

2024-03-28

Scientific Reports

Abstract:E-health has become a top priority for healthcare organizations focused on advancing healthcare services. Thus, medical organizations have been widely adopting cloud services, resulting in the effective storage of sensitive data. To prevent privacy and security issues associated with the data, attribute-based encryption (ABE) has been a popular choice for encrypting private data. Likewise, the attribute-based access control (ABAC) technique has been widely adopted for controlling data access. Researchers have proposed electronic health record (EHR) systems using ABE techniques like ciphertext policy attribute-based encryption (CP-ABE), key policy attribute-based encryption (KP-ABE), and multi authority attribute-based encryption (MA-ABE). However, there is a lack of rigorous comparison among the various ABE schemes used in healthcare systems. To better understand the usability of ABE techniques in medical systems, we performed a comprehensive review and evaluation of the three popular ABE techniques by developing EHR systems using knowledge graphs with the same data but different encryption mechanisms. We have used the MIMIC-III dataset with varying record sizes for this study. This paper can help healthcare organizations or researchers using ABE in their systems to comprehend the correct usage scenario and the prospect of ABE deployment in the most recent technological evolution.

multidisciplinary sciences

Yu Wu,Nanzhou Lin,Wei Song,Yuan Shen,Xiandi Yang,Juntao Zhang,Yan Sun

DOI: https://doi.org/10.1007/978-3-030-30952-7_36

2019-01-01

Abstract:The outsourcing storage of medical big data encrypted in the cloud can effectively alleviate the problem of privacy disclosure, but cipher text storage will lead to the inconvenience of data access, which brings new challenges to medical big data shared access. The existing flexible authorization solutions for encrypted data are mainly based on methods such as CP-ABE, which requires the data owner to define the data access strategy, while in reality, the patient is the data owner of the medical data. At the same time, the existing scheme does not support access control authorization in emergency scenarios, and in medical big data applications, when patients can not authorize data users to access cipher text medical data, it will lead to unpredictable consequences. According to the application requirements of encrypted medical big data shared service in cloud environment, an adaptive authorization access method based on attribute encryption is proposed to realize flexible and secure medical data access authorization in normal and emergency situations. Experimental results demonstrate that our scheme is efficient.

Sun Jingzhang,Cao Chunjie,Li Hui

DOI: https://doi.org/10.1007/978-3-030-00012-7_25

2018-01-01

Abstract:With the development in cloud storage, hospitals outsource the encrypted electronic medical records to the cloud services for economic saving. A cloud medical environment where the attribute is frequently updated, the existing searchable encryption schemes cannot support both ciphertext search and fine-grained access control. Therefore, combining ciphertext policy attribute-based encryption with searchable encryption technology, a cryptographic retrieval scheme supporting attribute update is proposed. Attributes can be updated frequently and partial decryption is transferred to the cloud storage server. Security analysis shows that the scheme can protect security and privacy under the DBDH assumption and the experimental results with real data show that the scheme is an efficient and practical application.

Shahzad Khan,Waseem Iqbal,Abdul Waheed,Gulzar Mehmood,Shawal Khan,Mahdi Zareei,Rajesh Roshan Biswal

DOI: https://doi.org/10.3390/s22010336

2022-01-03

Abstract:The ever-growing ecosystem of the Internet of Things (IoT) integrating with the ever-evolving wireless communication technology paves the way for adopting new applications in a smart society. The core concept of smart society emphasizes utilizing information and communication technology (ICT) infrastructure to improve every aspect of life. Among the variety of smart services, eHealth is at the forefront of these promises. eHealth is rapidly gaining popularity to overcome the insufficient healthcare services and provide patient-centric treatment for the rising aging population with chronic diseases. Keeping in view the sensitivity of medical data, this interfacing between healthcare and technology has raised many security concerns. Among the many contemporary solutions, attribute-based encryption (ABE) is the dominant technology because of its inherent support for one-to-many transfer and fine-grained access control mechanisms to confidential medical data. ABE uses costly bilinear pairing operations, which are too heavy for eHealth's tiny wireless body area network (WBAN) devices despite its proper functionality. We present an efficient and secure ABE architecture with outsourcing intense encryption and decryption operations in this work. For practical realization, our scheme uses elliptic curve scalar point multiplication as the underlying technology of ABE instead of costly pairing operations. In addition, it provides support for attribute/users revocation and verifiability of outsourced medical data. Using the selective-set security model, the proposed scheme is secure under the elliptic curve decisional Diffie-Hellman (ECDDH) assumption. The performance assessment and top-ranked value via the help of fuzzy logic's evaluation based on distance from average solution (EDAS) method show that the proposed scheme is efficient and suitable for access control in eHealth smart societies.

Haobin Ma,Dehua Zhou,Peng Li,Xiaoming Wang

DOI: https://doi.org/10.3390/s23094384

IF: 3.9

2023-04-28

Sensors

Abstract:As medical data become increasingly important in healthcare, it is crucial to have proper access control mechanisms, ensuring that sensitive data are only accessible to authorized users while maintaining privacy and security. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is an attractive access control solution that can offer effective, fine-grained and secure medical data sharing, but it has two major drawbacks: Firstly, decryption is computationally expensive for resource-limited data users, especially when the access policy has many attributes, limiting its use in large-scale data-sharing scenarios. Secondly, existing schemes are based on data users’ attributes, which can potentially reveal sensitive information about the users, especially in healthcare data sharing, where strong privacy and security are essential. To address these issues, we designed an improved CP-ABE scheme that provides efficient and verifiable outsourced access control with fully hidden policy named EVOAC-HP. In this paper, we utilize the attribute bloom filter to achieve policy hiding without revealing user privacy. For the purpose of alleviating the decryption burden for data users, we also adopt the technique of outsourced decryption to outsource the heavy computation overhead to the cloud service provider (CSP) with strong computing and storage capabilities, while the transformed ciphertext results can be verified by the data user. Finally, with rigorous security and reliable performance analysis, we demonstrate that EVOAC-HP is both practical and effective with robust privacy protection.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xiaohui Yang,Wenjie Li,Kai Fan

DOI: https://doi.org/10.1007/s12083-022-01387-4

2022-09-25

Abstract:With the development of digital healthcare, sharing electronic medical record data has become an indispensable part of improving medical conditions. Aiming at the centralized power caused by the single attribute authority in current CP-ABE schemes and the problem that cloud servers are curious and even malicious, we design a revocable CP-ABE EHR sharing scheme with multiple authorities (MA-RABE) in blockchain. In this solution, a group of authorities complete user attribute distribution, key generation and user management through secret sharing and transactions. Besides, we innovatively implemented a distributed one-way anonymous key agreement so that other participants cannot obtain useful information from the fully hidden policy embedded in the ciphertext. Taking into account the computational overhead of a large number of bilinear operations in the decryption process, the solution also supports the cloud server to pre-decrypt the ciphertext, and the data user only needs to perform exponentiation operation once to obtain the plaintext from the pre-decryption result. Theoretical analysis and performance evaluation show that the scheme has reliable security and lower user revocation and ciphertext update overhead.

computer science, information systems,telecommunications

Sujoy Roy,Jeet Agrawal,Alok Kumar,Udai Pratap Rao

DOI: https://doi.org/10.1007/s10586-024-04283-z

2024-02-21

Cluster Computing

Abstract:The modern medical system is convergence of cutting-edge technologies and advancements in the healthcare environment. In the modern medical system, the storage of electronic health records is generally leased out to third-party cloud service providers (CSPs). But, CSPs cannot be entirely relied upon due to the potential security and privacy issues. This article presents Multi-Authority and Hierarchical Attribute-Based Encryption Scheme (MH-ABE) scheme to promote secure information sharing and protect patient's privacy. The utilization of CP-ABE in conjunction with multiple Attribute Authorities within the proposed MH-ABE scheme presents a scalable and fine-grained approach to data access control. The proposed MH-ABE scheme incorporates the utilization of a Hierarchical Access Tree to effectively encrypt numerous files concurrently, hence reducing the computational and storage cost. The proposed scheme has also been evaluated using a comparative analysis with existing schemes, emphasizing the assessment of computational and storage costs. The findings of this analysis demonstrate improved performance and efficiency of the proposed ciphertext policy based encryption scheme. The proposed MH-ABE scheme incorporates features such as policy hiding and revocation, and it exhibits resilience against attacks, including collusion resistance, Indistinguishability under chosen-plaintext attack and forward secrecy.

computer science, information systems, theory & methods

Arthur S. Voundi Koe,Qi Chen,Juan Tang,Shan Ai,Hongyang Yan,Shiwen Zhang,Duncan S. Wong

DOI: https://doi.org/10.1002/int.23009

IF: 8.993

2022-09-09

International Journal of Intelligent Systems

Abstract:With recent advances in cloud computing, mobile devices are increasingly being used to record patient physiological parameters, and transfer them to a cloud‐based hospital information system, for access control mediation over a variety of stakeholders. In such a cloud‐based architecture, the patient must specify an access policy for a group of authorized parties towards its outsourced data. Multiauthority ciphertext‐policy attribute‐based encryption (CP‐ABE) was provided as an innovative cloud‐based access control cryptographic primitive to tackle the key escrow issue in a centralized architecture, and boost flexibility through cross‐domain attributes management. Existing works, however, still have glaring drawbacks. First, they still rely on a trusted authority to generate and distribute user secret keys. Second, they do not simultaneously provide encryption, decryption, or revocation outsourcing, resulting in high processing and communication cost for both the data sender and the data receiver. Third, they do not support both user and attribute revocation, and the integrity of ciphertext downloaded from the cloud is not always verified at the user end. As a result, this paper exploits the dummy attribute technique and introduces a novel, efficient, and secure multiauthority ciphertext‐policy ABE method for mediating access control over medical data, in the mobile cloud. The ciphertext access policy enforcement, partial ciphertext decryption, and both the user and attribute indirect revocation updates are safely outsourced to the cloud server in this study. Theoretical analysis demonstrates that our scheme is efficient and verifiable, and we prove that our construction is secure under the decisional bilinear Diffie‐Hellman assumption.

computer science, artificial intelligence

Hongjian Yin,Yiming Zhao,Lei Zhang,Baojun Qiao,Wenbo Chen,Huaqing Wang

DOI: https://doi.org/10.1016/j.sysarc.2024.103081

IF: 5.836

2024-03-01

Journal of Systems Architecture

Abstract:In this paper, we address the secure sharing of sensitive healthcare data in blockchain-based healthcare. As a form of sensitive information, healthcare data is often encrypted before being uploaded to cloud servers. Extensive research has been conducted on Attribute-Based Searchable Encryption (ABSE) to achieve fine-grained searchability of encrypted sensitive healthcare data. However, the existing ABSE schemes rely on a single authoritative center for managing the master key, resulting in a single point of failure. Additionally, there has been limited research focusing on the privacy concerns of user identity during the key generation process. To tackle these challenges, we propose a novel decentralized ciphertext-policy attribute-based encryption (DCP-ABSE) scheme. In this scheme, the master key is jointly managed by all attribute nodes on the blockchain. This ensures the smooth operation of the system even if some nodes are compromised. In addition, the user’s private key fragments are generated through interactions with all attribute nodes, in this process, the user’s identity information is not disclosed to attribute nodes. In addition, we prove that the proposed scheme is secure against chosen keyword attacks and chosen plaintext attacks under the Decisional Bilinear Diffie–Hellman assumption. The performance evaluation shows that the proposed scheme has high efficiency.

computer science, software engineering, hardware & architecture

Meiyan Xiao,Hongbo Li,Qiong Huang,Shui Yu,Willy Susilo

DOI: https://doi.org/10.1109/tifs.2022.3173412

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Attribute-based encryption scheme is a promising mechanism to realize one-to-many fine-grained access control which strengthens the security in cloud computing. However, massive amounts of data and various data sharing requirements bring great challenges to the complex but isolated and fixed access structures in most of the existing attribute-based encryption schemes. In this paper, we propose an attribute-based hierarchical encryption scheme with extendable policy, called Extendable Hierarchical Ciphertext-Policy Attribute-Based Encryption (EH-CP-ABE), to improve the data sharing efficiency and security simultaneously. The scheme realizes the function of hierarchical encryption, in which, data with hierarchical access control relationships could be encrypted together flexibly to improve the efficiency. The scheme also achieves external and internal extension of the access structure to further encrypt newly added hierarchical data without updating the original ciphertexts or with only a minor update depending on the data sharing requirements, which simplifies the encryption process and greatly reduces the computation overhead. We formally prove the security of the scheme is IND-CCA secure in the random oracle model based on bilinear Diffie-Hellman assumption, and we also implement our scheme to demonstrate its efficiency and practicality.

Rathee, Geetanjali

DOI: https://doi.org/10.1007/s12243-024-01038-0

2024-04-19

Annals of Telecommunications

Abstract:Given the adaptability and effectiveness of the smart health sector, it has gained much momentum in the last few years, particularly during the COVID-19 pandemic. However, the security and privacy of data sent through a public communication channel are gravely threatened by adopting cloud services for data sharing. The security and privacy of the data are also in jeopardy, as the owners lose full ownership of the material once it is uploaded to the cloud. In recent years, ciphertext policy attribute-based encryption (CP-ABE) has shown great potential as a privacy-preserving encryption mechanism. In this paper, a decentralized method of large-scale data storage has been introduced using the interplanetary file system (IPFS), thereby eliminating the issue of centralized storage and frequent data unavailability. A reliable third-party hospital node in a secure environment is adopted in the proposed model to guarantee data integrity and to reduce the load on the resource-constrained devices of the user. Simulation using the Charm-Crypto framework and Pairing-Based Cryptography library using the SS512 curve proves its performance and efficiency. The proposed scheme's encryption time is constant at 46.96 ms regardless of the size of the attribute set, the key generation time is reduced by 79.09%, and the storage overhead is reduced by 71.3% as compared to the existing schemes.

telecommunications

Yinghui Zhang,Robert H. Deng,Shengmin Xu,Jianfei Sun,Qi Li,Dong Zheng

DOI: https://doi.org/10.1145/3398036

IF: 16.6

2021-07-31

ACM Computing Surveys

Abstract:Attribute-based encryption (ABE) for cloud computing access control is reviewed in this article. A taxonomy and comprehensive assessment criteria of ABE are first proposed. In the taxonomy, ABE schemes are assorted into key-policy ABE (KP-ABE) schemes, ciphertext-policy ABE (CP-ABE) schemes, anti-quantum ABE schemes, and generic constructions. In accordance with cryptographically functional features, CP-ABE is further divided into nine subcategories with regard to basic functionality, revocation, accountability, policy hiding, policy updating, multi-authority, hierarchy, offline computation, and outsourced computation. In addition, a systematical methodology for discussing and comparing existing ABE schemes is proposed. For KP-ABE and each type of CP-ABE, the corresponding access control scenario is presented and explained by concrete examples. Specifically, the syntax of ABE is given followed by the adversarial model and security goals. ABE schemes are discussed according to the design strategies and special features and are compared in the light of the proposed assessment criteria with respect to security and performance. Compared to related state-of-the-art survey papers, this article not only provides a broader 12 categories of ABE schemes, but also makes a more comprehensive and holistic comparison. Finally, a number of open research challenges in ABE are pointed out.

computer science, theory & methods

Shu Wu,Aiqing Zhang,Ya Gao,Xiaojuan Xie

DOI: https://doi.org/10.1016/j.csi.2024.103833

IF: 3.721

2024-01-21

Computer Standards & Interfaces

Abstract:Personal health records (PHR) offer significant benefit for patients, such as reducing medical cost and improving the quality of medical care. Majority of the current schemes lack provisions for tracking and revoking malicious doctors. The explicit access policies are prone to leaking patient private information. What's more, owning to the uneven distribution of medical supplies, shocking computational overhead during decryption is a burden that can't be ignored for busy medical workers. This paper proposed a patient-centric medical service matching scheme that supports policy hiding, attribute matching, fine-grained access control, and user dynamic management. The scheme uses ciphertext policy-based attribute encryption (CP-ABE) to achieve fine-grained access control and supports policy hiding. It utilizes white-box tracking technology and binary tree structure to achieve malicious doctor tracking. Revocation information is ciphertext to achieve dynamic management of doctors. From the experimental results, it can be concluded that our protocol achieves both patient-centric security and performance advantages.

computer science, software engineering, hardware & architecture

Yuzhao Cui,Qiong Huang,Jianye Huang,Hongbo Li,Guomin Yang

DOI: https://doi.org/10.1093/comjnl/bxz036

2019-01-01

The Computer Journal

Abstract:Thanks to the ease of access and low expenses, it is now popular for people to store data in cloud servers. To protect sensitive data from being leaked to the outside, people usually encrypt the data in the cloud. However, management of these encrypted data becomes a challenging problem, e.g. data classification. Besides, how to selectively share data with other users is also an important and interesting problem in cloud storage. In this paper, we focus on ciphertext-policy attribute based encryption with equality test (CP-ABEET). People can use CP-ABEET to implement not only flexible authorization for the access to encrypted data, but also efficient data label classification, i.e. test of whether two encrypted data contain the same message. We construct an efficient CP-ABEET scheme, and prove its security based on a reasonable number-theoretic assumption. Compared with the only existing CP-ABEET scheme, our construction is more efficient in key generation, and has shorter attribute-related secret keys and better security.

Jun Zhao,Kai Zhang,Junqing Gong,Haifeng Qian

DOI: https://doi.org/10.1109/tifs.2024.3350925

IF: 7.231

2024-02-02

IEEE Transactions on Information Forensics and Security

Abstract:Electronic healthcare (E-health) cloud system enables electronic health records (EHRs) sharing and improves efficiency of diagnosis and treatment. In order to address EHRs confidentiality and authorized user access control in E-health cloud, attribute-based proxy re-encryption (ABPRE) has been widely employed which provides dynamic fine-grained access control over encrypted EHRs. Unfortunately, existing ABPRE schemes still have the following defects: 1) capacity of attribute-universe is defined at setup; 2) verifiable mechanism for re-encryption reveals EHRs about patients; 3) traditional access policy reveals sensitive information pertaining to patients. This paper focuses on these issues and presents large-universe, verifiable and privacy-preserving dynamic fine-grained access control scheme for E-health cloud. More details, we solve limitation of attribute-universe to large-universe, which means that attributes aren't required to be enumerated at setup. Considering disclosure of underlying EHRs in verifiable mechanism, scheme introduces non-interactive zero-knowledge proof as verifiable mechanism that supports public validation and doesn't leak EHRs of patients. Furthermore, partially hidden policy is employed to protect privacy of patients in policy, which divides attribute into attribute name and attribute value, displaying attribute name and hiding attribute value. Finally, experimental evaluation is given that demonstrates the more comprehensive functionality of our scheme without sacrificing significant computational overhead.

computer science, theory & methods,engineering, electrical & electronic

Shanshan Li,Chunxiang Xu,Yuan Zhang,Yicong Du,Xinsheng Wen,Kefei Chen,Jianfeng Ma

DOI: https://doi.org/10.1109/jsyst.2021.3073169

IF: 4.802

2021-01-01

IEEE Systems Journal

Abstract:In cloud-assisted electronic health (eHealth) systems, outsourced electronic health records (EHRs) have attribute-value type formats: an EHR corresponds to an entry with a unique identity and has multiple types of attribute values. Such formatted EHRs form an attribute-value type database, where both the attribute values and unique identities can serve as keywords for searching. Since EHRs are very sensitive, they are always encrypted before being outsourced, which makes retrieval of target EHRs by either identity or attribute value hard. Moreover, the EHRs are encrypted by different doctors, a researcher, who is delegated to research a certain kind of disease, cannot find out all corresponding EHRs due to the difference of encryption keys. In this article, we construct a triple dictionary index structure for the attribute-value type database to allow a researcher to retrieve encrypted EHRs by the identity and attribute value and to perform dynamic operations over them. We employ an identity server to assist doctors in generating encryption keys via an oblivious way. By doing so, the researcher can retrieve encrypted EHRs without leaking any information to the identity server. We analyze the security and evaluate the performance of our scheme to demonstrate that it achieves <span class="mjpage"><svg xmlns:xlink="http://www.w3.org/1999/xlink" width="1.583ex" height="2.176ex" style="vertical-align: -0.338ex;" viewBox="0 -791.3 681.5 936.9" role="img" focusable="false" xmlns="http://www.w3.org/2000/svg"><g stroke="currentColor" fill="currentColor" stroke-width="0" transform="matrix(1 0 0 -1 0 0)"> <use xlink:href="#MJMATHI-4C" x="0" y="0"></use></g></svg></span>-adaptive security and forward security with high efficiency.<svg xmlns="http://www.w3.org/2000/svg" style="display: none;"><defs id="MathJax_SVG_glyphs"><path stroke-width="1" id="MJMATHI-4C" d="M228 637Q194 637 192 641Q191 643 191 649Q191 673 202 682Q204 683 217 683Q271 680 344 680Q485 680 506 683H518Q524 677 524 674T522 656Q517 641 513 637H475Q406 636 394 628Q387 624 380 600T313 336Q297 271 279 198T252 88L243 52Q243 48 252 48T311 46H328Q360 46 379 47T428 54T478 72T522 106T564 161Q580 191 594 228T611 270Q616 273 628 273H641Q647 264 647 262T627 203T583 83T557 9Q555 4 553 3T537 0T494 -1Q483 -1 418 -1T294 0H116Q32 0 32 10Q32 17 34 24Q39 43 44 45Q48 46 59 46H65Q92 46 125 49Q139 52 144 61Q147 65 216 339T285 628Q285 635 228 637Z"></path></defs></svg>

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Yingjie Xue,Kaiping Xue,Na Gai,Jianan Hong,David S. L. Wei,Peilin Hong

DOI: https://doi.org/10.1109/tifs.2019.2911166

IF: 7.231

2019-01-01

IEEE Transactions on Information Forensics and Security

Abstract:In public cloud storage services, data are outsourced to semi-trusted cloud servers which are outside of data owners' trusted domain. To prevent untrustworthy service providers from accessing data owners' sensitive data, outsourced data are often encrypted. In this scenario, conducting access control over these data becomes a challenging issue. Attribute-based encryption (ABE) has been proved to be a powerful cryptographic tool to express access policies over attributes, which can provide a fine-grained, flexible, and secure access control over outsourced data. However, the existing ABE-based access control schemes do not support users to gain access permission by collaboration. In this paper, we explore a special attribute-based access control scenario where multiple users having different attribute sets can collaborate to gain access permission if the data owner allows their collaboration in the access policy. Meanwhile, the collaboration that is not designated in the access policy should be regarded as a collusion and the access request will be denied. We propose an attribute-based controlled collaborative access control scheme through designating translation nodes in the access structure. Security analysis shows that our proposed scheme can guarantee data confidentiality and has many other critical security properties. Extensive performance analysis shows that our proposed scheme is efficient in terms of storage and computation overhead.