Ciphertext-policy attribute-based encryption supporting access policy update and its extension with preserved attributes

2017 ◽  
Vol 17 (5) ◽  
pp. 533-548 ◽  
Author(s):  
Yinhao Jiang ◽  
Willy Susilo ◽  
Yi Mu ◽  
Fuchun Guo
Keyword(s):  
Access Policy ◽  
Attribute Based Encryption ◽  
Ciphertext Policy

scholarly journals Ciphertext-Policy Attribute-based Encryption with Hidden Sensitive Policy for Recruitment in Smart City

2020 ◽  
Author(s):  
Fei Meng ◽  
Leixiao Cheng ◽  
Mingqiang Wang
Keyword(s):  
Smart City ◽  
End Users ◽  
The Other ◽  
Sensitive Information ◽  
Security Model ◽  
Access Policy ◽  
Computational Overhead ◽  
Attribute Based Encryption ◽  
Ciphertext Policy ◽  
Access Policies

Abstract Smart city, as a promising technical tendency, greatly facilitates citizens and generates innumerable data, some of which is very private and sensitive. To protect data from unauthorized users, ciphertext-policy attribute-based encryption (CP-ABE) enables data owner to specify an access policy on encrypted data. However, There are two drawbacks in traditional CP-ABE schemes. On the one hand, the access policy is revealed in the ciphertext so that sensitive information contained in the policy is exposed to anyone who obtains the ciphertext. For example, both the plaintext and access policy of an encrypted recruitment may reveal the company's future development plan. On the other hand, the decryption time scales linearly with the complexity of the access, which makes it unsuitable for resource-limited end users. In this paper, we propose a CP-ABE scheme with hidden sensitive policy for recruitment in smart city. Specifically, we introduce a new security model chosen sensitive policy security: two access policies embedded in the ciphertext, one is public and the other is sensitive and fully hidden, only if user's attributes satisfy the public policy, it's possible for him/her to learn about the hidden policy, otherwise he/she cannot get any information (attribute name and its values) of it. When the user satisfies both access policies, he/she can obtain and decrypt the ciphertext. Compared with other CP-ABE schemes, our scheme supports a more expressive access policy, since the access policy of their schemes only work on the ``AND-gate'' structure. In addition, intelligent devices spread all over the smart city, so partial computational overhead of encryption of our scheme can be outsourced to these devices as fog nodes, while most part overhead in the decryption process is outsourced to the cloud. Therefore, our scheme is more applicable to end users with resource-constrained mobile devices. We prove our scheme to be selective secure under the decisional bilinear Diffie-Hellman (DBDH) assumption.

scholarly journals Ciphertext-Policy Attribute-Based Encryption for Cloud Storage: Toward Data Privacy and Authentication in AI-Enabled IoT System

Mathematics ◽  
2021 ◽  
Vol 10 (1) ◽  
pp. 68
Author(s):  
P. Chinnasamy ◽  
P. Deepalakshmi ◽  
Ashit Kumar Dutta ◽  
Jinsang You ◽  
Gyanendra Prasad Joshi
Keyword(s):  
Data Privacy ◽  
Partial Information ◽  
User Privacy ◽  
Access Policy ◽  
Insider Attack ◽  
Attribute Based Encryption ◽  
Encryption Schemes ◽  
A New Technique ◽  
Ciphertext Policy ◽  
Cloud Servers

People can store their data on servers in cloud computing and allow public users to access data via data centers. One of the most difficult tasks is to provide security for the access policy of data, which is also needed to be stored at cloud servers. The access structure (policy) itself may reveal partial information about what the ciphertext contains. To provide security for the access policy of data, a number of encryption schemes are available. Among these, CP-ABE (Ciphertext-Policy Attribute-Based Encryption) scheme is very significant because it helps to protect, broadcast, and control the access of information. The access policy that is sent as plaintext in the existing CP-ABE scheme along with a ciphertext may leak user privacy and data privacy. To resolve this problem, we hereby introduce a new technique, which hides the access policy using a hashing algorithm and provides security against insider attack using a signature verification scheme. The proposed system is compared with existing CP-ABE schemes in terms of computation and expressive policies. In addition, we can test the functioning of any access control that could be implemented in the Internet of Things (IoT). Additionally, security against indistinguishable adaptive chosen ciphertext attacks is also analyzed for the proposed work.

Data Security for Cloud Datasets With Bloom Filters on Ciphertext Policy Attribute Based Encryption

2019 ◽  
Vol 13 (4) ◽  
pp. 12-27
Author(s):  
G. Sravan Kumar ◽  
A. Sri Krishna
Keyword(s):  
Access Control ◽  
Data Storage ◽  
Private Information ◽  
Data Security ◽  
Bloom Filters ◽  
Communication Overhead ◽  
Access Policy ◽  
Fine Grained ◽  
Attribute Based Encryption ◽  
Ciphertext Policy

Cloud data storage environments allow the data providers to store and share large amounts of datasets generated from various resources. However, outsourcing private data to a cloud server is insecure without an efficient access control strategy. Thus, it is important to protect the data and privacy of user with a fine-grained access control policy. In this article, a Bloom Filter-based Ciphertext-Policy Attribute-Based Encryption (BF-CP-ABE) technique is presented to provide data security to cloud datasets with a Linear Secret Sharing Structure (LSSS) access policy. This fine-grained access control scheme hides the whole attribute set in the ciphertext, whereas in previous CP-ABE methods, the attributes are partially hidden in the ciphertext which in turn leaks private information about the user. Since the attribute set of the BF-CP-ABE technique is hidden, bloom filters are used to identify the authorized users during data decryption. The BF-CP-ABE technique is designed to be selective secure under an Indistinguishable-Chosen Plaintext attack and the simulation results show that the communication overhead is significantly reduced with the adopted LSSS access policy.

scholarly journals Ciphertext-Policy Attribute-based Encryption with Hidden Sensitive Policy from Keyword Search Techniques in Smarty City

2020 ◽  
Author(s):  
Fei Meng ◽  
Leixiao Cheng ◽  
Mingqiang Wang
Keyword(s):  
Smart City ◽  
Keyword Search ◽  
End Users ◽  
The Other ◽  
Sensitive Information ◽  
Security Model ◽  
Access Policy ◽  
Attribute Based Encryption ◽  
Ciphertext Policy ◽  
Access Policies

Abstract Smart city greatly facilitates citizens and generates innumerable data, some of which is very private and sensitive. To protect data from unauthorized users, ciphertext-policy attribute-based encryption (CP-ABE) enables data owner to specify an access policy on encrypted data. However, There are two drawbacks in traditional CP-ABE schemes. On the one hand, the access policy is revealed in the ciphertext so that sensitive information contained in the policy is exposed to anyone who obtains the ciphertext. For example, both the plaintext and access policy of an encrypted recruitment may reveal the company’s future development plan. On the other hand, the decryption time scales linearly with the complexity of the access, which makes it unsuitable for resource-limited end users. In this paper, we propose a CP-ABE scheme with hidden sensitive policy from keyword search (KS) techniques in smart city. Specifically, we introduce a new security model chosen sensitive policy security : two access policies embedded in the ciphertext, one is public and the other is sensitive and fully hidden, only if user’s attributes satisfy the public policy, it’s possible for him/her to learn about the hidden policy, otherwise he/she cannot get any information (attribute name and its values) of it. When the user satisfies both access policies, he/she can obtain and decrypt the ciphertext. Compared with other CP-ABE schemes, our scheme exploits KS techniques to achieve more expressive and efficient, while the access policy of their schemes only work on the “AND-gate” structure or their ciphertext size or decryption time maybe super-polynomial. In addition, intelligent devices spread all over the smart city, so partial computational overhead of encryption of our scheme can be outsourced to these devices as fog nodes, while most part overhead in the decryption process is outsourced to the cloud.Therefore, our scheme is more applicable to end users with resource-constrained mobile devices. We prove our scheme to be selective secure under the decisional bilinear Diffie-Hellman (DBDH) assumption.

scholarly journals Towards Virtuous Cloud Data Storage Using Access Policy Hiding in Ciphertext Policy Attribute-Based Encryption

2021 ◽  
Vol 13 (11) ◽  
pp. 279
Author(s):  
Siti Dhalila Mohd Satar ◽  
Masnida Hussin ◽  
Zurina Mohd Hanapi ◽  
Mohamad Afendee Mohamed
Keyword(s):  
Data Storage ◽  
Cloud Storage ◽  
Security Analysis ◽  
Data Access ◽  
Logical Connective ◽  
Encrypted Data ◽  
Cloud Data ◽  
Access Policy ◽  
Attribute Based Encryption ◽  
Ciphertext Policy

Managing and controlling access to the tremendous data in Cloud storage is very challenging. Due to various entities engaged in the Cloud environment, there is a high possibility of data tampering. Cloud encryption is being employed to control data access while securing Cloud data. The encrypted data are sent to Cloud storage with an access policy defined by the data owner. Only authorized users can decrypt the encrypted data. However, the access policy of the encrypted data is in readable form, which results in privacy leakage. To address this issue, we proposed a reinforcement hiding in access policy over Cloud storage by enhancing the Ciphertext Policy Attribute-based Encryption (CP-ABE) algorithm. Besides the encryption process, the reinforced CP-ABE used logical connective operations to hide the attribute value of data in the access policy. These attributes were converted into scrambled data along with a ciphertext form that provides a better unreadability feature. It means that a two-level concealed tactic is employed to secure data from any unauthorized access during a data transaction. Experimental results revealed that our reinforced CP-ABE had a low computational overhead and consumed low storage costs. Furthermore, a case study on security analysis shows that our approach is secure against a passive attack such as traffic analysis.

scholarly journals Access Control Based on Different User Privileges in Social Media

2020 ◽  
Vol 9 (8) ◽  
pp. 380-385
Keyword(s):  
Social Media ◽  
User Satisfaction ◽  
Boolean Formula ◽  
Access Structure ◽  
Access Policy ◽  
Attribute Based Encryption ◽  
The Media ◽  
Ciphertext Policy ◽  
Multi Access ◽  
Media Stream

The emergence of social media lead to people around the world is widely using it. There are varieties of applications under this category for diverse purposes. Day by day, the security concerns related to this area is increasing since it is a medium which connect people. At present, the single access policy is present. That is whether a user can access the media content or not. Hence multi access policy can provide more user satisfaction. On the other hand video and image can be encoded into different qualities. Ciphertext Policy Attribute-Based Encryption is used for encrypting keys used in symmetric encryption. Here introducing Linear Secret Sharing Scheme (LSSS) to the scalable social media stream security. The LSSS mechanism is adopted to increase the expressiveness of the monotone access structure. By utilizing an LSS Scheme the access structure becomes more protective. This algorithm is very useful in practice as a ciphertext policy can now be intuitively expressed using a monotone Boolean formula, which has good usability, and the corresponding LSSS for an actual CP-ABE construction can then be generated accordingly using this algorithm.

scholarly journals A Privacy Preserving and Efficient Multi Authority – CP-ABE Scheme for Secure Cloud Communication

2021 ◽  
Author(s):  
Shardha Porwal ◽  
Sangeeta Mittal
Keyword(s):  
Communication Overhead ◽  
Computing Environment ◽  
Constant Length ◽  
Cloud Computing Environment ◽  
Key Escrow ◽  
Access Policy ◽  
Attribute Based Encryption ◽  
Encryption And Decryption ◽  
Share Data ◽  
Ciphertext Policy

In the cloud computing environment, Multi authority Ciphertext Policy-Attribute Based Encryption (CP-ABE) schemes are used as a key escrow free solution to securely and efficiently share data over cloud. However, the length of ciphertext in existing Multi Authority-CP-ABE schemes increases with the number of attributes in the access policy. Moreover, these schemes do not protect against dishonest attribute authorities. In this paper, a constant length ciphertext Multi Authority-CP-ABE scheme is proposed that reduces the communication overhead over the network. The scheme also prevents dishonest authority from compromising the system. Apart from this, for enhanced privacy of receivers, the access policy is communicated in hidden form. Thus, the presented scheme provides an efficient corrupt resistant, key escrow free Multi Authority-CP-ABE scheme by generating constant length ciphertext and hidden access structure. Results demonstrate the enhanced security and reduced cost of encryption and decryption by 8% and 48% respectively as compared to other existing works.

scholarly journals Modified Ciphertext-Policy Attribute-Based Encryption Scheme with Efficient Revocation for PHR System

2017 ◽  
Vol 2017 ◽  
pp. 1-10 ◽  
Author(s):  
Hongying Zheng ◽  
Jieming Wu ◽  
Bo Wang ◽  
Jianyong Chen
Keyword(s):  
Cloud Storage ◽  
Personal Health Record ◽  
Storage System ◽  
Personal Health ◽  
Encryption Scheme ◽  
Promising Technique ◽  
Access Policy ◽  
Attribute Based Encryption ◽  
Role Based ◽  
Ciphertext Policy

Attribute-based encryption (ABE) is considered a promising technique for cloud storage where multiple accessors may read the same file. For storage system with specific personal health record (PHR), we propose a modified ciphertext-policy attribute-based encryption scheme with expressive and flexible access policy for public domains. Our scheme supports multiauthority scenario, in which the authorities work independently without an authentication center. For attribute revocation, it can generate different update parameters for different accessors to effectively resist both accessor collusion and authority collusion. Moreover, a blacklist mechanism is designed to resist role-based collusion. Simulations show that the proposed scheme can achieve better performance with less storage occupation, computation assumption, and revocation cost compared with other schemes.

Sign in / Sign up

Export Citation Format

Share Document