Ciphertext policy attribute based encryption with immediate attribute revocation for fine-grained access control in cloud storage

In the cloud storage system, the server is no longer trusted, which is different from the traditional storage system. Therefore, it is necessary for data owners to encrypt data before outsourcing it for sharing. Simultaneously, the enforcement of access policies and support of policies updates becomes one of the most challenging issues. Ciphertext-policy attribute-based encryption (CP-ABE) is an appropriate solution to this issue. However, it comes with a new obstacle which is the attribute and user revocation. In this paper, we propose a fine-grained access control scheme with efficient revocation based on CP-ABE approach. In the proposed scheme, we not only realize an efficient and immediate revocation, but also eliminate some burden of computational overhead. The analysis results indicate that the proposed scheme is efficient and secure for access control in cloud storage systems.

Download Full-text

Research on Ciphertext-Policy Attribute-Based Encryption with Attribute Level User Revocation in Cloud Storage

Mathematical Problems in Engineering ◽

10.1155/2017/4070616 ◽

2017 ◽

Vol 2017 ◽

pp. 1-12 ◽

Cited By ~ 3

Author(s):

Guangbo Wang ◽

Jianhua Wang

Keyword(s):

Access Control ◽

Cloud Storage ◽

Control Policy ◽

Attribute Level ◽

Fine Grained ◽

Computational Load ◽

Diffie Hellman ◽

Attribute Based Encryption ◽

Important Challenge ◽

Ciphertext Policy

Attribute-based encryption (ABE) scheme is more and more widely used in the cloud storage, which can achieve fine-grained access control. However, it is an important challenge to solve dynamic user and attribute revocation in the original scheme. In order to solve this problem, this paper proposes a ciphertext-policy ABE (CP-ABE) scheme which can achieve attribute level user attribution. In this scheme, if some attribute is revoked, then the ciphertext corresponding to this attribute will be updated so that only the individuals whose attributes meet the access control policy and have not been revoked will be able to carry out the key updating and decrypt the ciphertext successfully. This scheme is proved selective-structure secure based on the q-Parallel Bilinear Diffie-Hellman Exponent (BDHE) assumption in the standard model. Finally, the performance analysis and experimental verification have been carried out in this paper, and the experimental results show that, compared with the existing revocation schemes, although our scheme increases the computational load of storage service provider (CSP) in order to achieve the attribute revocation, it does not need the participation of attribute authority (AA), which reduces the computational load of AA. Moreover, the user does not need any additional parameters to achieve the attribute revocation except for the private key, thus saving the storage space greatly.

Download Full-text

Efficient Attribute-Based Data Sharing Scheme with Hidden Access Structures

The Computer Journal ◽

10.1093/comjnl/bxz052 ◽

2019 ◽

Vol 62 (12) ◽

pp. 1748-1760 ◽

Cited By ~ 2

Author(s):

Yang Chen ◽

Wenmin Li ◽

Fei Gao ◽

Wei Yin ◽

Kaitai Liang ◽

...

Keyword(s):

Access Control ◽

Data Sharing ◽

Inner Product ◽

Access Structure ◽

Online Data ◽

Fine Grained ◽

Access Structures ◽

Attribute Based Encryption ◽

And Performance ◽

Ciphertext Policy

AbstractOnline data sharing has become a research hotspot while cloud computing is getting more and more popular. As a promising encryption technique to guarantee the security shared data and to realize flexible fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has drawn wide attentions. However, there is a drawback preventing CP-ABE from being applied to cloud applications. In CP-ABE, the access structure is included in the ciphertext, and it may disclose user’s privacy. In this paper, we find a more efficient method to connect ABE with inner product encryption and adopt several techniques to ensure the expressiveness of access structure, the efficiency and security of our scheme. We are the first to present a secure, efficient fine-grained access control scheme with hidden access structure, the access structure can be expressed as AND-gates on multi-valued attributes with wildcard. We conceal the entire attribute instead of only its values in the access structure. Besides, our scheme has obvious advantages in efficiency compared with related schemes. Our scheme can make data sharing secure and efficient, which can be verified from the analysis of security and performance.

Download Full-text

Fine-grained user access control in ciphertext-policy attribute-based encryption

Security and Communication Networks ◽

10.1002/sec.345 ◽

2011 ◽

Vol 5 (3) ◽

pp. 253-261 ◽

Cited By ~ 6

Author(s):

Junbeom Hur ◽

Chanil Park ◽

Seong Oun Hwang

Keyword(s):

Access Control ◽

Fine Grained ◽

Attribute Based Encryption ◽

User Access ◽

Ciphertext Policy

Download Full-text

Ciphertext-Policy Weighted Attribute Based Encryption for Fine-Grained Access Control

2013 5th International Conference on Intelligent Networking and Collaborative Systems ◽

10.1109/incos.2013.18 ◽

2013 ◽

Cited By ~ 8

Author(s):

Ximeng Liu ◽

Jianfeng Ma ◽

Jinbo Xiong ◽

Qi Li ◽

Jun Ma

Keyword(s):

Access Control ◽

Fine Grained ◽

Attribute Based Encryption ◽

Ciphertext Policy

Download Full-text

Speech Encryption Scheme Based on Ciphertext Policy Hierarchical Attribute in Cloud Storage

Security and Communication Networks ◽

10.1155/2021/9606240 ◽

2021 ◽

Vol 2021 ◽

pp. 1-13

Author(s):

Qiuyu Zhang ◽

Zhenyu Zhao ◽

Minrui Fu

Keyword(s):

Access Control ◽

Cloud Storage ◽

Random Oracle Model ◽

Access Structure ◽

Encryption Scheme ◽

Hierarchical Processing ◽

Fine Grained ◽

Speech Data ◽

Speech Encryption ◽

Ciphertext Policy

In order to ensure the confidentiality and secure sharing of speech data, and to solve the problems of slow deployment of attribute encryption systems and fine-grained access control in cloud storage, a speech encryption scheme based on ciphertext policy hierarchical attributes was proposed. First, perform hierarchical processing of the attributes of the speech data to reflect the hierarchical structure and integrate the hierarchical access structure into a single-access structure. Second, use the attribute fast encryption framework to construct the attribute encryption scheme of the speech data, and use the integrated access to the speech data; thus, the structure is encrypted and uploaded to the cloud for storage and sharing. Finally, use the hardness of decisional bilinear Diffie–Hellman (DBDH) assumption to prove that the proposed scheme is secure in the random oracle model. The theoretical security analysis and experimental results show that the proposed scheme can achieve efficient and fine-grained access control and is secure and extensible.

Download Full-text

Research on Access Control Based on CP-ABE Algorithm and Cloud Computing

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.513-517.2273 ◽

2014 ◽

Vol 513-517 ◽

pp. 2273-2276

Author(s):

Shao Min Zhang ◽

Jun Ran ◽

Bao Yi Wang

Keyword(s):

Cloud Computing ◽

Access Control ◽

Control Policy ◽

Massive Data ◽

Access Control Policy ◽

Fine Grained ◽

Network Bandwidth ◽

Private Key ◽

Attribute Based Encryption ◽

Ciphertext Policy

Ciphertext-Policy Attribute-based encryption (CP-ABE) mechanism is an extension of attribute-based encryption which associates the ciphertext and user's private key with the attribute by taking the attribute as a public key. It makes the representation of the access control policy more flexible, thus greatly reduces the network bandwidth and processing overhead of sending node brought by fine-grained access control of data sharing. According to the principle of CP-ABE encryption mechanism for this mechanism, an improved cloud computing-based encryption algorithm was proposed in this paper to overcome the deficiencies of permission changing process under the massive data. Experimental results show that compared with traditional methods, the new mechanism significantly reduces time-consuming.

Download Full-text

Implementing secure data access control for multi-authority cloud storage system using Ciphertext Policy-Attribute based encryption

International Conference on Information Communication and Embedded Systems (ICICES2014) ◽

10.1109/icices.2014.7033749 ◽

2014 ◽

Author(s):

S. Vijaya Lekshmi ◽

M. P. Revathi

Keyword(s):

Access Control ◽

Cloud Storage ◽

Storage System ◽

Data Access ◽

Data Access Control ◽

Attribute Based Encryption ◽

Secure Data ◽

Ciphertext Policy

Download Full-text

Data Security for Cloud Datasets With Bloom Filters on Ciphertext Policy Attribute Based Encryption

International Journal of Information Security and Privacy ◽

10.4018/ijisp.2019100102 ◽

2019 ◽

Vol 13 (4) ◽

pp. 12-27

Author(s):

G. Sravan Kumar ◽

A. Sri Krishna

Keyword(s):

Access Control ◽

Data Storage ◽

Private Information ◽

Data Security ◽

Bloom Filters ◽

Communication Overhead ◽

Access Policy ◽

Fine Grained ◽

Attribute Based Encryption ◽

Ciphertext Policy

Cloud data storage environments allow the data providers to store and share large amounts of datasets generated from various resources. However, outsourcing private data to a cloud server is insecure without an efficient access control strategy. Thus, it is important to protect the data and privacy of user with a fine-grained access control policy. In this article, a Bloom Filter-based Ciphertext-Policy Attribute-Based Encryption (BF-CP-ABE) technique is presented to provide data security to cloud datasets with a Linear Secret Sharing Structure (LSSS) access policy. This fine-grained access control scheme hides the whole attribute set in the ciphertext, whereas in previous CP-ABE methods, the attributes are partially hidden in the ciphertext which in turn leaks private information about the user. Since the attribute set of the BF-CP-ABE technique is hidden, bloom filters are used to identify the authorized users during data decryption. The BF-CP-ABE technique is designed to be selective secure under an Indistinguishable-Chosen Plaintext attack and the simulation results show that the communication overhead is significantly reduced with the adopted LSSS access policy.

Download Full-text

An Efficient ECC-Based CP-ABE Scheme for Power IoT

Processes ◽

10.3390/pr9071176 ◽

2021 ◽

Vol 9 (7) ◽

pp. 1176

Author(s):

Rui Cheng ◽

Kehe Wu ◽

Yuling Su ◽

Wei Li ◽

Wenchao Cui ◽

...

Keyword(s):

Access Control ◽

Elliptic Curve Cryptography ◽

Energy Production ◽

Control Function ◽

Rapid Development ◽

Bilinear Pairing ◽

Security And Privacy ◽

Fine Grained ◽

Attribute Based Encryption ◽

Ciphertext Policy

The rapid development of the power Internet of Things (IoT) has greatly enhanced the level of security, quality and efficiency in energy production, energy consumption, and related fields. However, it also puts forward higher requirements for the security and privacy of data. Ciphertext-policy attribute-based encryption (CP-ABE) is considered a suitable method to solve this issue and can implement fine-grained access control. However, its internal bilinear pairing operation is too expensive, which is not suitable for power IoT with limited computing resources. Hence, in this paper, a novel CP-ABE scheme based on elliptic curve cryptography (ECC) is proposed, which replaces the bilinear pairing operation with simple scalar multiplication and outsources most of the decryption work to edge devices. In addition, time and location attributes are combined in the proposed scheme, allowing the data users to access only within the range of time and locations set by the data owners to achieve a more fine-grained access control function. Simultaneously, the scheme uses multiple authorities to manage attributes, thereby solving the performance bottleneck of having a single authority. A performance analysis demonstrates that the proposed scheme is effective and suitable for power IoT.

Download Full-text