Qi Han,Yinghui Zhang,Hui Li

DOI: https://doi.org/10.1016/j.future.2018.01.019

IF: 7.307

2018-01-01

Future Generation Computer Systems

Abstract:The term of Internet of Things (IoT) remarkably increases the ubiquity of the internet by integrating smart object-based infrastructures. How to achieve efficient fine-grained data access control while preserving data privacy is a challenge task in the scenario of IoT. Despite ciphertext-policy attribute-based encryption (CP-ABE) can provide fine-grained data access control by allowing the specific users whose attributes match the access policy to decrypt ciphertexts. However, existing CP-ABE schemes will leak users’ attribute values to the attribute authority (AA) in the phase of key generation, which poses a significant threat to users’ privacy. To address this issue, we propose a new CP-ABE scheme which can successfully protect the user’s attribute values against the AA based on 1-out-of-n oblivious transfer technique. In addition, we use Attribute Bloom Filter to protect the attribute type of the access policy in the ciphertext. Finally, security and efficiency evaluations show that the proposed scheme can achieve the desired security goals, while keeping comparable computation overhead.

Jialu Hao,Cheng Huang,Jianbing Ni,Hong Rong,Ming Xian,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1016/j.comnet.2019.02.008

IF: 5.493

2019-01-01

Computer Networks

Abstract:Ciphertext-policy attribute-based encryption (CP-ABE) is a promising approach to achieve fine-grained access control over the outsourced data in Internet of Things (IoT). However, in the existing CP-ABE schemes, the access policy is either appended to the ciphertext explicitly or only partially hidden against public visibility, which results in privacy leakage of the underlying ciphertext and potential recipients. In this paper, we propose a fine-grained data access control scheme supporting expressive access policy with fully attribute hidden for cloud-based IoT. Specifically, the attribute information is fully hidden in access policy by using randomizable technique, and a fuzzy attribute positioning mechanism based on garbled Bloom filter is developed to help the authorized recipients locate their attributes efficiently and decrypt the ciphertext successfully. Security analysis and performance evaluation demonstrate that the proposed scheme achieves effective policy privacy preservation with low storage and computation overhead. As a result, no valuable attribute information in the access policy will be disclosed to the unauthorized recipients.

Qinlong Huang,Licheng Wang,Yixian Yang

DOI: https://doi.org/10.1007/s11280-017-0462-0

2017-01-01

World Wide Web

Abstract:The Internet of Things (IoT) is a novel paradigm where many of the objects that surround us can be connected to the internet. Since IoT is always related to user’s personal information, it raises lot of data security and privacy issues. In this paper, we present a secure and fine-grained data access control scheme for constrained IoT devices and cloud computing based on hierarchical attribute-based encryption, which reduces the key management by introducing hierarchical attribute authorities. In order to relieve local computation burden, we propose an outsourced encryption and decryption construction by delegating most of laborious operations to gateway and cloud server. Further, our scheme achieves efficient policy updating, which allows the sender device to update access policies without retrieving and re-encrypting the data. The security and performance analysis results show that our scheme is secure and efficient.

Xiaofeng Lu,Songbing Fu,Cheng Jiang,Pietro Lio

DOI: https://doi.org/10.1155/2021/5308206

2021-01-01

Abstract:IoT technology has been widely valued and applied, and the resulting massive IoT data brings many challenges to the traditional centralized data management, such as performance, privacy, and security challenges. This paper proposes an IoT data access control scheme that combines attribute-based encryption (ABE) and blockchain technology. Symmetric encryption and ABE algorithms are utilized to realize fine-grained access control and ensure the security and openness of IoT data. Moreover, blockchain technology is combined with distributed storage to solve the storage bottleneck of blockchain systems. Only the hash values of the data, the hash values of the ciphertext location, the access control policy, and other important information are stored on the blockchain. In this scheme, smart contract is used to implement access control. The results of experiments demonstrate that the proposed scheme can effectively protect the security and privacy of IoT data and realize the secure sharing of data.

Jianfei Sun,Hu Xiong,Ximeng Liu,Yinghui Zhang,Xuyun Nie,Robert H. Deng

DOI: https://doi.org/10.1109/JIOT.2020.2974257

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:With the booming of Internet of Things (IoT), smart health (s-health) is becoming an emerging and attractive paradigm. It can provide an accurate prediction of various diseases and improve the quality of healthcare. Nevertheless, data security and user privacy concerns still remain issues to be addressed. As a high potential and prospective solution to secure IoT-oriented s-health applications, ciphertext policy attribute-based encryption (CP-ABE) schemes raise challenges, such as heavy overhead and attribute privacy of the end users. To resolve these drawbacks, an optimized vector transformation approach is first proposed to efficiently transform the access policy and user attribute set into respective vectors of shorter length while other approaches result in redundant and longer vectors. Our transformation approach can greatly relieve the costly overheard of key generation, encryption, and decryption phases. Then, based on the transformation approach and the offline/online computation technology, we propose a lightweight policy-hiding CP-ABE scheme for the IoT-oriented s-health application. With our proposed scheme, data users in the s-health system can perform lightweight encryption and decryption without leaking any sensitive privacy about the attributes of the user. Finally, the formal security analysis, the theoretic performance evaluation and experiment results indicate that the solution is secure and efficient.

Hui Tian,Xiang Li,Hanyu Quan,Chin-Chen Chang,Thar Baker

DOI: https://doi.org/10.1109/jsen.2020.3030688

IF: 4.3

2021-07-15

IEEE Sensors Journal

Abstract:The Intelligent Transportation System (ITS) provides more possibilities for the realization of smart cities by integrating the Internet of Things (IoT) and cloud computing. However, how to ensure security of IoT data stored in the cloud has become one of the biggest challenges at present. As a promising solution for realizing fine-grained access control, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) can be used to ensure data security. However, the traditional CP-ABE schemes may leak privacy of ITS users. Moreover, due to their high computational overheads, the current privacy-preserving techniques are not suitable for IoT lightweight devices. To fill this gap, this article presents ABE-FPP, a lightweight attribute-based access control scheme with full privacy protection (FPP), which can achieve full privacy protection in the three key stages (i.e., key generation, access control, and partial decryption), while reducing consumption overhead on the user side. Specifically, to protect privacy during key generation, a lightweight two-party secure computing protocol between the user and the authority is designed to generate secret keys; to protect privacy during the access control policy setting, we present an efficient policy hidden strategy, which only reveals attribute names and efficiently hides attribute values; to protect privacy during partial decryption, we propose a hybrid authentication method that does not need to submit attribute values to the cloud. Moreover, to achieve lightweight computation for IoT devices, online/offline encryption and outsourced decryption are employed in ABE-FPP. Finally, formal security proofs show that our scheme is secure in the standard model. The asymptotic complexity analyses and experimental results demonstrate that the presented scheme achieves higher computation efficiency than the state-of-the-art ones.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Guan Zhitao,Yang Wenti,Zhu Liehuang,Wu Longfei,Wang Ruimiao

DOI: https://doi.org/10.1007/s11432-020-2957-5

2021-01-01

Science China Information Sciences

Abstract:The Internet of things(IoT) technology has been used in a wide range of fields, ranging from industrial manufacturing to daily lives. The IoT system contains numerous resource-constrained lightweight devices such as wireless sensors and radio frequency identification(RFID) tags. A massive amount of sensitive data is generated and transmitted by these devices to a variety of users. The complexity of the IoT system places a high demand on security. Therefore, it is necessary to develop an encryption scheme with access control to provide flexible and secure access to the sensitive data. The ciphertext policy attribute-based encryption(CP-ABE) scheme is a potential solution. However, the long ciphertext as well as the slow encryption and decryption operations in traditional ABE schemes make it inappropriate for most IoT systems,which require low latency and contain many devices with limited memory size and computing capability. In this paper, we propose a modified CP-ABE scheme with constant length of ciphertext and low computation overhead in the encryption and decryption phases. Additionally, our scheme is proven to be adaptively secure under the standard model. Moreover, two enhanced schemes are developed to prevent authorized users from leaking data and protect the privacy of data owners by combining chameleon hash, bloom filters and CP-ABE, respectively. Finally, the experimental evaluation and analysis prove the feasibility of our scheme.

Jiguo Li,Yichen Zhang,Jianting Ning,Xinyi Huang,Geong Sen Poh,Debang Wang

DOI: https://doi.org/10.1109/tcc.2020.2975184

IF: 5.697

2020-01-01

IEEE Transactions on Cloud Computing

Abstract:The pervasive, ubiquitous, and heterogeneous properties of IoT make securing IoT systems a very challenging task. More so when access and storage are performed through a cloud-based IoT system. IoT data stored on cloud should be encrypted to ensure data privacy. It is also crucial to allow only authorized entities to access and decrypt the encrypted data. In this article, we propose a ciphertext-policy attribute-based encryption (CP-ABE) scheme that enables fine-grained access control of encrypted IoT data on cloud. CP-ABE is regarded as a highly promising approach to provide flexible and fine-grained access control, which is quite suited to secure cloud based IoT systems. We first present an access control system model of CloudIoT platform based on ABE. Based on the presented system model, we construct a ciphertext-policy hiding CP-ABE scheme, which guarantees the privacy of the users. We further construct a white-box traceable CP-ABE scheme with accountability in order to address the user key abuse and authorization center key abuse. Experiment illustrates the proposed systems are efficient.

computer science, information systems, theory & methods

Zenghui Yang,Xiubo Chen,Yunfeng He,Luxi Liu,Yinmei Che,Xiao Wang,Ke Xiao,Gang Xu

DOI: https://doi.org/10.1016/j.hcc.2024.100199

2024-01-01

High-Confidence Computing

Abstract:With the wide application of the Internet of Things (IoT), storing large amounts of IoT data and protecting data privacy has become a meaningful issue. In general, the access control mechanism is used to prevent illegal users from accessing private data. However, traditional data access control schemes face some non-ignorable problems, such as only supporting coarse-grained access control, the risk of centralization, and high trust issues. In this paper, an attribute-based data access control scheme using blockchain technology is proposed. To address these problems, attribute-based encryption (ABE) has become a promising solution for encrypted data access control. Firstly, we utilize blockchain technology to construct a decentralized access control scheme, which can grant data access with transparency and traceability. Furthermore, our scheme also guarantees the privacy of policies and attributes on the blockchain network. Secondly, we optimize an ABE scheme, which makes the size of system parameters smaller and improves the efficiency of algorithms. These optimizations enable our proposed scheme supports large attribute universe requirements in IoT environments. Thirdly, to prohibit attribute impersonation and attribute replay attacks, we design a challenge-response mechanism to verify the ownership of attributes. Finally, we evaluate the security and performance of the scheme. And comparisons with other related schemes show the advantages of our proposed scheme. Compared to existing schemes, our scheme has more comprehensive advantages, such as supporting a large universe, full security, expressive policy, and policy hiding.

Shengmin Xu,Guomin Yang,Yi Mu,Ximeng Liu

DOI: https://doi.org/10.1016/j.future.2019.02.051

IF: 7.307

2019-01-01

Future Generation Computer Systems

Abstract:Internet of Things (IoT) cloud provides a practical and scalable solution to accommodate the data management in large-scale IoT systems by migrating the data storage and management tasks to cloud service providers (CSPs). However, there also exist many data security and privacy issues that must be well addressed in order to allow the wide adoption of the approach. To protect data confidentiality, attribute-based cryptosystems have been proposed to provide fine-grained access control over encrypted data in IoT cloud. Unfortunately, the existing attributed-based solutions are still insufficient in addressing some challenging security problems, especially when dealing with compromised or leaked user secret keys due to different reasons. In this paper, we present a practical attribute-based access control system for IoT cloud by introducing an efficient revocable attribute-based encryption scheme that permits the data owner to efficiently manage the credentials of data users. Our proposed system can efficiently deal with both secret key revocation for corrupted users and accidental decryption key exposure for honest users. We analyze the security of our scheme with formal proofs, and demonstrate the high performance of the proposed system via experiments.

Xieyang Shen,Chuanhe Huang,Danxin Wang,Jiaoli Shi

DOI: https://doi.org/10.1155/2021/6686675

2021-01-01

Wireless Communications and Mobile Computing

Abstract:Information leakage and efficiency are the two main concerns of data sharing in cloud-aided IoT. The main problem is that smart devices cannot afford both energy and computation costs and tend to outsource data to a cloud server. Furthermore, most schemes focus on preserving the data stored in the cloud but omitting the access policy is typically stored in unencrypted form. In this paper, we proposed a fine-grained data access control scheme based on CP-ABE to implement access policies with a greater degree of expressiveness as well as hidden policies from curious cloud service providers. Moreover, to mitigate the extra computation cost generated by complex policies, an outsourcing service for decryption can be used by data users. Further experiments and extensive analysis show that we significantly decrease the communication and computation overhead while providing a high-level security scheme compared with the existing schemes.

Shengmin Xu,Yingjiu Li,Robert H. Deng,Yinghui Zhang,Xiangyang Luo,Ximeng Liu

DOI: https://doi.org/10.1109/TCC.2019.2936481

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:Healthcare Internet-of-Things (IoT) is an emerging paradigm that enables embedded devices to monitor patients vital signals and allows these data to be aggregated and outsourced to the cloud. The cloud enables authorized users to store and share data to enjoy on-demand services. Nevertheless, it also causes many security concerns because of the untrusted network environment, dishonest cloud service providers and resource-limited devices. To preserve patients' privacy, existing solutions usually apply cryptographic tools to offer access controls. However, fine-grained access control among authorized users is still a challenge, especially for lightweight and resource-limited end-devices. In this paper, we propose a novel healthcare IoT system fusing advantages of attribute-based encryption, cloud and edge computing, which provides an efficient, flexible, secure fine-grained access control mechanism with data verification in healthcare IoT network without any secure channel and enables data users to enjoy the lightweight decryption. We also define the formal security models and present security proofs for our proposed scheme. The extensive comparison and experimental simulation demonstrate that our scheme has better performance than existing solutions.

Xuanxia Yao,Jinyuan Zhou,Xiaojiang Du,Shurong Zhang

DOI: https://doi.org/10.1109/jiot.2024.3456553

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Nowadays, we are living in an open network environment with varieties of smart devices, which makes individual privacy face unprecedented threats. For one thing, a plenty of sensitive information may be gathered without the owners knowledge. For the other, the Internet of Things (IoT) based services and various intelligent applications require a large amount of perceptual data. And in practice, these data are usually encrypted and stored in storage providers like cloud for security and cost saving. To fully harness the productivity value of data and protect privacy, ciphertext-policy attribute-based encryption (CP-ABE) is widely used. Nevertheless, most existing CP-ABE schemes cannot work well for IoT because of the heavy overhead and the open and distributed environment. To lower the cost, a lightweight ciphertext-policy attribute-based encryption scheme without pairing is proposed and proved in the set-selective mode. Both the theoretical analysis and experiments show its advantages in computation, communication and storage overhead. For flexible access control in IoT, we attempt to employ the Masked Authenticated Message (MAM) mechanism of the IOTA to manage authorization for our CP-ABE scheme. Comparisons with similar schemes show that it can overcome the low throughput and monetary cost in other distributed ledger based access control schemes.

Yundan Yang,Fenghui Duan,Maosheng Zhang,JunJie Liu,Jin Li,Yueming Lu

DOI: https://doi.org/10.1109/dsc55868.2022.00036

2022-01-01

Abstract:With the rapid development of the Internet of Things, personal information is collected, stored and analyzed through IoT terminal devices, which is benefit for people’s daily life. However, the problems of personal private information leakage are also emerging. In terms of ciphertext data access control of the Internet of Things, it is required to implement fine-grained access control policies for the authorizer. However, the traditional security channel cannot meet the requirements of application security and privacy protection based on resisting key sharing attacks in a “many to many” environment. To solve this problem, this paper proposes a privacy protection management model based on lightweight blockchain, which includes three modules: data storage, sharing and auditing. Data storage module is used to encrypt and store the private data generated by individual users in various IoT devices. The data sharing module proposes a hybrid encryption mechanism, which allows data owners to create data access policies, and uses attribute encryption algorithm to achieve fine-grained access control of private data. The data auditing module proposes a lightweight blockchain architecture to store root of trust and life-cycle behaviors of private data, so as to realize the integrity verification and traceability of circulation trajectory. Finally, the security analysis of the proposed model can resist wireless communication eavesdropping and tampering attacks, attribute inference attack and identity impersonation attack. Simulation experiments are carried out on Fabric and lightweight blockchain systems to compare and analyze the performance consumption of calculating the root of trust, blockchain storage and query. The experimental results show that the performance of the proposed lightweight blockchain is 1666 TPS, which can meet the batch certificate storage requirements in the Internet of Things scenario.

Zhenhua Lu,Yuyan Guo,Jiguo Li,Weina Jia,Liping Lv,Jie Shen

DOI: https://doi.org/10.1155/2022/8350006

2022-04-11

Wireless Communications and Mobile Computing

Abstract:As the product of the third information technology revolution, the Internet of Things (IoT) has greatly altered our way of lifetime. Cloud storage has gradually become the best choice for data processing due to its scalability and flexibility. However, the cloud is not a completely trusted entity, such as tampering with user data or leaking personal privacy. Therefore, cloud storage usually adopts attribute-based encryption schemes to accomplish data confidentiality and fine-grained access control. However, applying the ABE scheme to the Internet of Things still faces many challenges, such as dynamic user revocation, data sharing, and excessive computational burden. In this paper, we propose a novel searchable attribute encryption system that replaces the traditional key generation center with consortium blockchain to generate and manage partial keys. In addition, our scheme can perform predecryption operations in the cloud, and users only need to spend a small amount of computational cost to achieve decryption operations. Security analysis proves that our scheme achieves security under both the chosen keyword attack and the chosen plaintext attack. Compared with other schemes, this scheme is more economical in terms of computing and storage.

computer science, information systems,telecommunications,engineering, electrical & electronic

Saiyu Qi,Youshui Lu,Wei Wei,Xiaofeng Chen

DOI: https://doi.org/10.1109/jiot.2020.3020979

IF: 10.6

2021-02-15

IEEE Internet of Things Journal

Abstract:The Industrial Internet of Things (IIoT) has provided a promising opportunity to build digitalized industrial systems. A fundamental technology of IIoT is the radio-frequency identification (RFID) technique, which allows industrial participants to identify items and anchor time-series IoT data for them. They can further share the IoT data through the cloud service to enable information exchange and support critical decisions in production operations. Storing IoT data in the cloud, however, requires a data access control mechanism to protect sensitive business issues. Unfortunately, using traditional cryptographic access control schemes for time-series IoT data face severe efficiency and key leakage problems. In this article, we design a secure industrial data access control scheme for cloud-assisted IIoT. Our scheme enables participants to enforce fine-grained access control policies for their IoT data via ciphertext policy-attribute-based encryption (CP-ABE) scheme. Our scheme adopts a hybrid cloud infrastructure for participants to outsource expensive CP-ABE tasks to the cloud service with strong privacy guarantees. Importantly, our scheme guarantees a new privacy notion named item-level data protection for IoT data to prevent key leakage problem. We achieve these goals via several encryption and optimization techniques. Our performance assessments combine system implementation with large-scale emulations and confirm the security and efficiency of our design.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiang Li,Hui Tian,Jianting Ning

DOI: https://doi.org/10.1007/978-3-030-31919-9_22

2019-01-01

Abstract:To ensure the security of mass data sharing in the Internet of Things, the cloud computing platform is supposed to provide data-storage services. The ciphertext-policy attribute-based encryption (CP-ABE) schemes has attracted wide-scale attention since users can access the cloud platform in a fine-grained manner. However, there are still some problems in the existing CP-ABE schemes when directly applied in the Internet of Things environment. The problem of simultaneously achieves large computational cost in the encryption and decryption. Moreover, the privacy of access control policy actually still remains unresolved. To fill the gap of the existing schemes, this paper proposes a suitable data sharing scheme for IoT devices which can’t always be online. We use the online/offline CP-ABE technology with privacy, while hiding the access control structure and reducing the computational cost of the devices when they are online. The asymptotic complexity comparison also shows that our scheme achieves high computation efficiency.

Bian, Qingquan,Zhang, Yue,Song, Chang,Wu, Axin

DOI: https://doi.org/10.1007/s12083-023-01619-1

IF: 3.488

2024-01-12

Peer-to-Peer Networking and Applications

Abstract:Internet of Things (IoT) applications are revolutionizing lifestyles and social management. In IoT environments, there is a need to deploy a large number of sensing devices, which are typically resource-constrained, with limited computational power and communication resources. Due to its open nature, IoT applications confront potential security and privacy risks in exchange for convenience, with data privacy being a significant concern. Predicate encryption (PE) offers a promising approach to address this concern. However, most PE schemes are public-key cryptosystems, which are more expensive compared to symmetric cryptography. These costs are burdensome for resource-constrained devices, especially when dealing with massive amounts of data. A recent study by Viet et al. (ESORICS'2022) introduced a symmetric PE scheme. However, this scheme's representation of attributes and predicates is limited. To overcome this limitation, we propose a flexible symmetric PE scheme. In the proposed scheme, predicates and attributes are represented using vectors. Tokens are related to predicates, while ciphertexts are associated with attributes. The encrypted message can be decrypted when the values of the predicate vector and attribute vector are pairwise unequal. This scheme enables fine-grained access control over encrypted data, ensuring that users with any attribute value in the vector embedded in the ciphertext cannot decrypt it. The security analysis demonstrates that the proposed scheme effectively protects data privacy. Additionally, performance evaluations indicate that the scheme is efficient, providing a lightweight solution for data privacy in IoT environments.

computer science, information systems,telecommunications

Jiawei Zhang,Jianfeng Ma,Yanbo Yang,Ximeng Liu,Neal N. Xiong

DOI: https://doi.org/10.1109/jiot.2021.3122949

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Fog-assisted Internet of Things (IoT) can outsource the massive data of resource-constraint IoT devices to cloud and fog nodes (FNs). Meanwhile, it enables convenient and low time-delay data-sharing services, which relies heavily on high security of data confidentiality and fine-grained access control. Many efforts have been focused on this urgent requirement by leveraging ciphertext-policy attribute-based encryption (CP-ABE). However, when deployed in fog-assisted IoT systems for secure data sharing, it remains a challenging problem of how to preserve attribute privacy of access policy, and trace-then-revoke traitors (i.e., malicious users intending to leak decryption keys for illegal profits) efficiently and securely in such a large scale and decentralized environment with resource-constraint user devices, especially in consideration of misbehaving cloud and FNs. Therefore, in this article, we propose a revocable and privacy-preserving decentralized data-sharing framework (RPDDSF) by designing a large universe and multiauthority CP-ABE scheme with fully hidden access policy for secure data sharing in IoT systems to achieve user attribute privacy preserving with unbounded attribute universe and key escrow resistance suitable for large scale and decentralized environment. Based on this, with RPDDSF, anyone can efficiently expose the traitors and punish them by forward/backward secure revocation. Besides, RPDDSF is able to guarantee data integrity for both data owners (DOs) and users to resist misbehaving cloud and FNs, alongwith low computation overhead for resource-constraint devices. Finally, RPDDSF is proven to be secure with detailed security proofs, and its high efficiency and feasibility are demonstrated by extensive performance evaluations.

Hua Deng,Hui Yin,Zheng Qin,Lu Ou,Fangmin Li,Ningchao Ge

DOI: https://doi.org/10.1109/jiot.2024.3423367

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:With an increasing amount of data produced by pervasive and ubiquitous smart devices, many Internet of Things (IoT) applications adopt the cloud platform to store and process data. To protect data security and privacy, attribute-based encryption (ABE) has been widely used in cloud-assisted IoT systems. However, most ABE schemes usually require a central authority to distribute decryption keys for all users, which may raise security and efficiency concerns; in addition, the exposure of decryption keys would severely damage the data privacy. In this paper, we introduce a novel notion of decentralized attribute-based puncturable encryption (DABPE). DABPE allows data owner to generate public and secret keys by himself, without relying on any central authority. When outsourcing data to the cloud, the data owner can encrypt data with an access policy; moreover, the data owner could issue particular keys for different data users and only those users whose keys satisfy the access policy can access the data. To achieve a flexible forward security, the data owner and data user can update their keys with some tags such that the data specified by the tags would not be revealed even if the keys are disclosed. We design a concrete DABPE scheme and prove its security in the standard model, and also conduct extensive experiments to show the efficiency of the proposed scheme.