An Efficient Key-Policy Attribute-Based Encryption Scheme with Constant Ciphertext Length

There is an acceleration of adoption of cloud computing among enterprises. However, moving the infrastructure and sensitive data from trusted domain of the data owner to public cloud will pose severe security and privacy risks. Attribute-based encryption (ABE) is a new cryptographic primitive which provides a promising tool for addressing the problem of secure and fine-grained data sharing and decentralized access control. Key-policy attribute-based encryption (KP-ABE) is an important type of ABE, which enables senders to encrypt messages under a set of attributes and private keys are associated with access structures that specify which ciphertexts the key holder will be allowed to decrypt. In most existing KP-ABE scheme, the ciphertext size grows linearly with the number of attributes embedded in ciphertext. In this paper, we propose a new KP-ABE construction with constant ciphertext size. In our construction, the access policy can be expressed as any monotone access structure. Meanwhile, the ciphertext size is independent of the number of ciphertext attributes, and the number of bilinear pairing evaluations is reduced to a constant. We prove that our scheme is semantically secure in the selective-set model based on the general Diffie-Hellman exponent assumption.

Download Full-text

Implementation of an Attribute-Based Encryption Scheme Based on SM9

Applied Sciences ◽

10.3390/app9153074 ◽

2019 ◽

Vol 9 (15) ◽

pp. 3074

Author(s):

Yang Shi ◽

Zhiyuan Ma ◽

Rufu Qin ◽

Xiaoping Wang ◽

Wujing Wei ◽

...

Keyword(s):

Smart Phone ◽

Regulatory Compliance ◽

Bilinear Pairing ◽

Encryption Scheme ◽

Sensitive Data ◽

Fine Grained ◽

Fundamental Building Block ◽

Attribute Based Encryption ◽

Identity Based ◽

Computing Platforms

In recent years, attribute-based encryption (ABE) has been widely applied in mobile computing, cloud computing, and the Internet of things, for supporting flexible and fine-grained access control of sensitive data. In this paper, we present a novel attribute-based encryption scheme that is based on bilinear pairing over Barreto and Naehrig curves (BN-curves). The identity-based encryption scheme SM9, which is a Chinese commercial cryptographic standard and a forthcoming part of ISO/IEC11770-3, has been used as the fundamental building block, and thus we first introduce SM9 and present our SM9 implementation in details. Subsequently, we propose the design and implementation of the ABE scheme. Moreover, we also develop a hybrid ABE for achieving lower ciphertext expansion rate when the size of access structure or plaintext is large. The performance and energy consumption of the implementation of the proposed ABE and its hybrid version are evaluated with a workstation, a PC, a smart phone, and an embedded device. The experimental results indicated that our schemes work well on various computing platforms. Moreover, the proposed schemes and their implementations would benefit developers in building applications that fulfill the regulatory compliance with the Chinese commercial cryptographic standard since there is no existing ABE scheme compatible with any Chinese cryptographic standard.

Download Full-text

A Novel File Hierarchy Access Control Scheme Using Attribute-Based Encryption

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.701-702.911 ◽

2014 ◽

Vol 701-702 ◽

pp. 911-918 ◽

Cited By ~ 1

Author(s):

Shu Lan Wang ◽

Jian Ping Yu ◽

Peng Zhang ◽

Ping Wang

Keyword(s):

Access Control ◽

Data Privacy ◽

Access Structure ◽

Secret Key ◽

Chosen Plaintext Attack ◽

Fine Grained ◽

Access Structures ◽

Diffie Hellman ◽

Attribute Based Encryption ◽

Control Scheme

Attribute-based encryption (ABE) can keep data privacy and realize fine-grained access control. However, the notion of file hierarchy hasn't been presented until now. The problem, the multiple hierarchical files to be shared only using once encryption scheme, cannot be effectively solved. Based on the access structure layered model, a novel access control scheme about file hierarchy is proposed by using ABE to solve the problem. The proposed scheme will not only decrease the number of access structures to one, but also only require a secret key to decrypt all the authorization files. It is proved to be secure against the chosen-plaintext attack (CPA) under the decision bilinear Diffie-Hellman (DBDH) assumption. In addition, the performance analysis results indicate that the proposed scheme is efficient and practical when a large number of hierarchical files are shared.

Download Full-text

An Efficient ECC-Based CP-ABE Scheme for Power IoT

Processes ◽

10.3390/pr9071176 ◽

2021 ◽

Vol 9 (7) ◽

pp. 1176

Author(s):

Rui Cheng ◽

Kehe Wu ◽

Yuling Su ◽

Wei Li ◽

Wenchao Cui ◽

...

Keyword(s):

Access Control ◽

Elliptic Curve Cryptography ◽

Energy Production ◽

Control Function ◽

Rapid Development ◽

Bilinear Pairing ◽

Security And Privacy ◽

Fine Grained ◽

Attribute Based Encryption ◽

Ciphertext Policy

The rapid development of the power Internet of Things (IoT) has greatly enhanced the level of security, quality and efficiency in energy production, energy consumption, and related fields. However, it also puts forward higher requirements for the security and privacy of data. Ciphertext-policy attribute-based encryption (CP-ABE) is considered a suitable method to solve this issue and can implement fine-grained access control. However, its internal bilinear pairing operation is too expensive, which is not suitable for power IoT with limited computing resources. Hence, in this paper, a novel CP-ABE scheme based on elliptic curve cryptography (ECC) is proposed, which replaces the bilinear pairing operation with simple scalar multiplication and outsources most of the decryption work to edge devices. In addition, time and location attributes are combined in the proposed scheme, allowing the data users to access only within the range of time and locations set by the data owners to achieve a more fine-grained access control function. Simultaneously, the scheme uses multiple authorities to manage attributes, thereby solving the performance bottleneck of having a single authority. A performance analysis demonstrates that the proposed scheme is effective and suitable for power IoT.

Download Full-text

A novel Security Aware Sensitive Encrypted Storage approach to improve the encryption of big data

10.21203/rs.3.rs-80029/v1 ◽

2020 ◽

Author(s):

Gitanjali Gupta ◽

Kamlesh Lakhwani

Keyword(s):

Elliptic Curve ◽

Computing Time ◽

Operating Time ◽

Cloud Service ◽

Security And Privacy ◽

Financial Industry ◽

Sensitive Data ◽

Machine Learning Classification ◽

Classification Technique ◽

Diffie Hellman

Abstract The data security and privacy have become a critical issue that restricts many cloud applications. One of the major concerns about security and privacy is the fact that cloud operators have the opportunity to access sensitive data. This concern dramatically increases user anxieties and reduces the acceptability of cloud computing in many areas, such as the financial industry and government agencies. This paper focuses on this issue and proposes an intelligent approach to cryptography, which would make it impossible for cloud service operators to reach sensitive data directly. The suggested method divides the file with precision using an intelligent classification technique. An alternative approach is designed to determine whether data packets need splitting to shorten operating time and reduce storage space. Our experimental assessments of both safety and efficiency performance and experimental results show that our approach can effectively address major cloud hazards and that it requires an acceptable computing time using an intelligent machine learning classification technique. We have proposed a novel approach entitled as a model for Security Aware Sensitive Encrypted Storage (SA-SES). In this model, we used our proposed algorithms, including Convolution Neural Network with Logistic Regression (CNN-LR), Elliptic-curve Diffie–Hellman-Shifted Adaption Homomorphism Encryption (ECDH-SAHE) and Elliptic-curve Diffie–Hellman-Shifted Adaption Homomorphism Decryption (ECDH-SAHD) .

Download Full-text

Traceable Attribute-Based Secure Data Sharing with Hidden Policies in Mobile Health Networks

Mobile Information Systems ◽

10.1155/2020/3984048 ◽

2020 ◽

Vol 2020 ◽

pp. 1-12

Author(s):

Xueyan Liu ◽

Yukun Luo ◽

Xiaotao Yang

Keyword(s):

Bilinear Pairing ◽

Health Networks ◽

Access Policy ◽

Fine Grained ◽

Attribute Based Encryption ◽

Data Owner ◽

Data User ◽

Efficient Scheme ◽

And Performance ◽

The One

The growing need to store, share, and manage medical and health records has resulted in electronic medical health sharing system (mHealth), which provides intelligent medical treatment for people. Attribute-based encryption (ABE) is regarded as a new cryptology to enhance fine-grained access control over encrypted sharing data in mHealth. However, some existing attribute-based mHealth systems not only violate the one-to-many application characteristics of attribute-based encryption mechanism but also destroy the anonymity of user. In this study, an efficient scheme is proposed to tackle the above defaults and offer two-way anonymity of data owner and data user by introducing a pseudoidentity. The computation of hidden access policy is reduced by removing the bilinear pairing, whereas the interaction between cloud storage and data user is avoided to save bandwidth during trapdoor generation. We also consider the temporal factor of the uploaded information by introducing access validity. Security and performance analyses show that the proposed scheme is efficient without reducing security.

Download Full-text

Efficient Attribute-Based Data Sharing Scheme with Hidden Access Structures

The Computer Journal ◽

10.1093/comjnl/bxz052 ◽

2019 ◽

Vol 62 (12) ◽

pp. 1748-1760 ◽

Cited By ~ 2

Author(s):

Yang Chen ◽

Wenmin Li ◽

Fei Gao ◽

Wei Yin ◽

Kaitai Liang ◽

...

Keyword(s):

Access Control ◽

Data Sharing ◽

Inner Product ◽

Access Structure ◽

Online Data ◽

Fine Grained ◽

Access Structures ◽

Attribute Based Encryption ◽

And Performance ◽

Ciphertext Policy

AbstractOnline data sharing has become a research hotspot while cloud computing is getting more and more popular. As a promising encryption technique to guarantee the security shared data and to realize flexible fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has drawn wide attentions. However, there is a drawback preventing CP-ABE from being applied to cloud applications. In CP-ABE, the access structure is included in the ciphertext, and it may disclose user’s privacy. In this paper, we find a more efficient method to connect ABE with inner product encryption and adopt several techniques to ensure the expressiveness of access structure, the efficiency and security of our scheme. We are the first to present a secure, efficient fine-grained access control scheme with hidden access structure, the access structure can be expressed as AND-gates on multi-valued attributes with wildcard. We conceal the entire attribute instead of only its values in the access structure. Besides, our scheme has obvious advantages in efficiency compared with related schemes. Our scheme can make data sharing secure and efficient, which can be verified from the analysis of security and performance.

Download Full-text

An Attribute-Based Searchable Encryption Scheme for Non-Monotonic Access Structure

Handbook of Research on Intrusion Detection Systems - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2242-4.ch013 ◽

2020 ◽

pp. 263-283 ◽

Cited By ~ 1

Author(s):

Mamta ◽

Brij B. Gupta

Keyword(s):

Access Control ◽

Searchable Encryption ◽

Access Structure ◽

Encryption Scheme ◽

Security Model ◽

Secret Key ◽

Fine Grained ◽

Diffie Hellman ◽

Attribute Based Encryption ◽

Encryption Schemes

Attribute based encryption (ABE) is a widely used technique with tremendous application in cloud computing because it provides fine-grained access control capability. Owing to this property, it is emerging as a popular technique in the area of searchable encryption where the fine-grained access control is used to determine the search capabilities of a user. But, in the searchable encryption schemes developed using ABE it is assumed that the access structure is monotonic which contains AND, OR and threshold gates. Many ABE schemes have been developed for non-monotonic access structure which supports NOT gate, but this is the first attempt to develop a searchable encryption scheme for the same. The proposed scheme results in fast search and generates secret key and search token of constant size and also the ciphertext components are quite fewer than the number of attributes involved. The proposed scheme is proven secure against chosen keyword attack (CKA) in selective security model under Decisional Bilinear Diffie-Hellman (DBDH) assumption.

Download Full-text

A Lightweight Fine-Grained Search Scheme over Encrypted Data in Cloud-Assisted Wireless Body Area Networks

Wireless Communications and Mobile Computing ◽

10.1155/2019/9340808 ◽

2019 ◽

Vol 2019 ◽

pp. 1-12 ◽

Cited By ~ 2

Author(s):

Mingsheng Cao ◽

Luhan Wang ◽

Zhiguang Qin ◽

Chunwei Lou

Keyword(s):

Keyword Search ◽

Body Area Networks ◽

Wireless Body Area Networks ◽

Security And Privacy ◽

Body Area ◽

Encrypted Data ◽

Fine Grained ◽

Resource Limited ◽

Attribute Based Encryption ◽

Ciphertext Policy

The wireless body area networks (WBANs) have emerged as a highly promising technology that allows patients’ demographics to be collected by tiny wearable and implantable sensors. These data can be used to analyze and diagnose to improve the healthcare quality of patients. However, security and privacy preserving of the collected data is a major challenge on resource-limited WBANs devices and the urgent need for fine-grained search and lightweight access. To resolve these issues, in this paper, we propose a lightweight fine-grained search over encrypted data in WBANs by employing ciphertext policy attribute based encryption and searchable encryption technologies, of which the proposed scheme can provide resource-constraint end users with fine-grained keyword search and lightweight access simultaneously. We also formally define its security and prove that it is secure against both chosen plaintext attack and chosen keyword attack. Finally, we make a performance evaluation to demonstrate that our scheme is much more efficient and practical than the other related schemes, which makes the scheme more suitable for the real-world applications.

Download Full-text

A password-authenticated secure channel for App to Java Card applet communication

International Journal of Pervasive Computing and Communications ◽

10.1108/ijpcc-09-2015-0032 ◽

2015 ◽

Vol 11 (4) ◽

pp. 374-397 ◽

Cited By ~ 4

Author(s):

Michael Hölzl ◽

Endalkachew Asnake ◽

Rene Mayrhofer ◽

Michael Roland

Keyword(s):

Mobile Devices ◽

Data Transfer ◽

Computation Time ◽

Security And Privacy ◽

Sensitive Data ◽

Content Type ◽

Fine Grained ◽

Java Card ◽

Dedicated Hardware ◽

Secure Channel

Purpose – The purpose of this paper is to design, implement and evaluate the usage of the password-authenticated secure channel protocol SRP to protect the communication of a mobile application to a Java Card applet. The usage of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing or mobile digital identities has continuously risen in recent years. This development makes the protection of personal and security sensitive data on mobile devices more important than ever. Design/methodology/approach – A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications. Findings – To address this issue, this paper presents a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a and SRP-5), an authenticated key agreement protocol, with a user-provided password at run-time. Originality/value – By exploiting the Java Card cryptographic application programming interfaces (APIs) and minor adaptations to the protocol, which do not affect the security, the authors were able to implement this scheme on Java Cards with reasonable computation time.

Download Full-text

A Novel method to represent Access Tree structure by Context Free Grammar with and-or graph in Key Policy based Attribute based Encryption

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i4.10.20946 ◽

2018 ◽

Vol 7 (4.10) ◽

pp. 396

Author(s):

K. Senthil Kumar ◽

D. Malathi

Keyword(s):

Access Control ◽

Control Structure ◽

Expressive Power ◽

Third Party ◽

Efficient Manner ◽

Context Free Grammar ◽

Fine Grained ◽

Attribute Based Encryption ◽

Key Policy ◽

Context Free

Important and sensitivity data of users in a third party managed internet or cloud always pose various security as well as privacy issues. Attribute-based encryption (ABE) is a pleasant trend in the literature which addresses above problem in an efficient way, and provides data security and fine-grained access control in a decentralized manner,. Key-policy attribute-based encryption (KP-ABE) is an important type of ABE, in which user can decrypt his message with a set of attributes and private keys are embedded with a access control structure which defines which cipher text an user can be allowed to decrypt. In this paper we use a probabilistic context free grammar with an And-Or structure to represent access control structure. And-Or graph has high expressive power hence access control structure can be represented in an efficient manner.

Download Full-text