Traceable Attribute-Based Secure Data Sharing with Hidden Policies in Mobile Health Networks

The growing need to store, share, and manage medical and health records has resulted in electronic medical health sharing system (mHealth), which provides intelligent medical treatment for people. Attribute-based encryption (ABE) is regarded as a new cryptology to enhance fine-grained access control over encrypted sharing data in mHealth. However, some existing attribute-based mHealth systems not only violate the one-to-many application characteristics of attribute-based encryption mechanism but also destroy the anonymity of user. In this study, an efficient scheme is proposed to tackle the above defaults and offer two-way anonymity of data owner and data user by introducing a pseudoidentity. The computation of hidden access policy is reduced by removing the bilinear pairing, whereas the interaction between cloud storage and data user is avoided to save bandwidth during trapdoor generation. We also consider the temporal factor of the uploaded information by introducing access validity. Security and performance analyses show that the proposed scheme is efficient without reducing security.

Download Full-text

Outsourced ciphertext-policy attribute-based encryption with partial policy hidden

International Journal of Distributed Sensor Networks ◽

10.1177/1550147720926368 ◽

2020 ◽

Vol 16 (5) ◽

pp. 155014772092636

Author(s):

Jinxia Yu ◽

Guanghui He ◽

Xixi Yan ◽

Yongli Tang ◽

Rongxia Qin

Keyword(s):

Bilinear Pairing ◽

Sensitive Information ◽

Privacy Concerns ◽

Access Policy ◽

Fine Grained ◽

Attribute Based Encryption ◽

Cloud Server ◽

And Performance ◽

Ciphertext Policy ◽

Access Policies

Attribute-based encryption is an efficient and flexible fine-grained access control scheme. However, how to realize the attribute privacy concerns in the access policy and optimize the heavy computing overhead have been not adequately addressed. First, in view of the open-access policies formulated by data owners in the cloud environment and the linear growth of bilinear pairing operations with the number of attributes in the decryption process, a verifiable outsourced attribute-based encryption with partial policy hidden scheme is proposed, in which the attribute name of access policy can be sent while attribute value involving sensitive information can be hidden, so nobody can infer information from the access policy. Second, the bilinear pairing operation and modular power operation are outsourced to the cloud server, then users only need to perform constant exponential operation to decrypt. In addition, the proposed scheme is based on the composite order bilinear group and satisfies full secure under the standard model. Finally, compared with other schemes in term of function and performance, it shows that this scheme is more efficient and suitable for resource-constrained mobile devices in outsourcing environment.

Download Full-text

BSSPD: A Blockchain-Based Security Sharing Scheme for Personal Data with Fine-Grained Access Control

Wireless Communications and Mobile Computing ◽

10.1155/2021/6658920 ◽

2021 ◽

Vol 2021 ◽

pp. 1-20

Author(s):

Hongmin Gao ◽

Zhaofeng Ma ◽

Shoushan Luo ◽

Yanping Xu ◽

Zheng Wu

Keyword(s):

Access Control ◽

Data Sharing ◽

Personal Data ◽

Security And Privacy ◽

Access Policy ◽

Fine Grained ◽

Sharing Scheme ◽

Data Owner ◽

Data User ◽

Cloud Server

Privacy protection and open sharing are the core of data governance in the AI-driven era. A common data-sharing management platform is indispensable in the existing data-sharing solutions, and users upload their data to the cloud server for storage and dissemination. However, from the moment users upload the data to the server, they will lose absolute ownership of their data, and security and privacy will become a critical issue. Although data encryption and access control are considered up-and-coming technologies in protecting personal data security on the cloud server, they alleviate this problem to a certain extent. However, it still depends too much on a third-party organization’s credibility, the Cloud Service Provider (CSP). In this paper, we combined blockchain, ciphertext-policy attribute-based encryption (CP-ABE), and InterPlanetary File System (IPFS) to address this problem to propose a blockchain-based security sharing scheme for personal data named BSSPD. In this user-centric scheme, the data owner encrypts the sharing data and stores it on IPFS, which maximizes the scheme’s decentralization. The address and the decryption key of the shared data will be encrypted with CP-ABE according to the specific access policy, and the data owner uses blockchain to publish his data-related information and distribute keys for data users. Only the data user whose attributes meet the access policy can download and decrypt the data. The data owner has fine-grained access control over his data, and BSSPD supports an attribute-level revocation of a specific data user without affecting others. To further protect the data user’s privacy, the ciphertext keyword search is used when retrieving data. We analyzed the security of the BBSPD and simulated our scheme on the EOS blockchain, which proved that our scheme is feasible. Meanwhile, we provided a thorough analysis of the storage and computing overhead, which proved that BSSPD has a good performance.

Download Full-text

Efficient Attribute-Based Data Sharing Scheme with Hidden Access Structures

The Computer Journal ◽

10.1093/comjnl/bxz052 ◽

2019 ◽

Vol 62 (12) ◽

pp. 1748-1760 ◽

Cited By ~ 2

Author(s):

Yang Chen ◽

Wenmin Li ◽

Fei Gao ◽

Wei Yin ◽

Kaitai Liang ◽

...

Keyword(s):

Access Control ◽

Data Sharing ◽

Inner Product ◽

Access Structure ◽

Online Data ◽

Fine Grained ◽

Access Structures ◽

Attribute Based Encryption ◽

And Performance ◽

Ciphertext Policy

AbstractOnline data sharing has become a research hotspot while cloud computing is getting more and more popular. As a promising encryption technique to guarantee the security shared data and to realize flexible fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has drawn wide attentions. However, there is a drawback preventing CP-ABE from being applied to cloud applications. In CP-ABE, the access structure is included in the ciphertext, and it may disclose user’s privacy. In this paper, we find a more efficient method to connect ABE with inner product encryption and adopt several techniques to ensure the expressiveness of access structure, the efficiency and security of our scheme. We are the first to present a secure, efficient fine-grained access control scheme with hidden access structure, the access structure can be expressed as AND-gates on multi-valued attributes with wildcard. We conceal the entire attribute instead of only its values in the access structure. Besides, our scheme has obvious advantages in efficiency compared with related schemes. Our scheme can make data sharing secure and efficient, which can be verified from the analysis of security and performance.

Download Full-text

Multiple Access Control Struction for Cloud with Ciphertext

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.556-562.5888 ◽

2014 ◽

Vol 556-562 ◽

pp. 5888-5892

Author(s):

An Ping Xiong ◽

Xin Xin He

Keyword(s):

Access Control ◽

General Scheme ◽

Computational Cost ◽

Cloud Service ◽

Fine Grained ◽

Access Control Policies ◽

Attribute Based Encryption ◽

Data Owner ◽

Multiple Threshold ◽

Heavy Work

The attribute-based encryption scheme of cloud storage application environment helps achieve a flexible access control and confidentiality of the data. However, at present efficient and fine-grained access control can not be achieved. This is caused by the heavy re-encryption workload of data owner while attribute revocation. Besides, there is no solution to revoke user directly. By introducing key segmentation and proxy re-encryption technology to encrypt the part of the heavy work to the cloud service provider to perform, the new scheme greatly reduces the computational cost of data owner. In addition, a special attribute which the data owner controls independently is added to construct different attribute domains of CP-ABE so that the data owner can completely control of the user permissions. The new scheme not only can support multiple threshold fine access control policies, but also can achieve cancellation directly to the user as well as to the user attribute. Experimental results show that the new scheme is superior to the general scheme, achieve highly efficient, fine, and flexible access control.

Download Full-text

Implementation of an Attribute-Based Encryption Scheme Based on SM9

Applied Sciences ◽

10.3390/app9153074 ◽

2019 ◽

Vol 9 (15) ◽

pp. 3074

Author(s):

Yang Shi ◽

Zhiyuan Ma ◽

Rufu Qin ◽

Xiaoping Wang ◽

Wujing Wei ◽

...

Keyword(s):

Smart Phone ◽

Regulatory Compliance ◽

Bilinear Pairing ◽

Encryption Scheme ◽

Sensitive Data ◽

Fine Grained ◽

Fundamental Building Block ◽

Attribute Based Encryption ◽

Identity Based ◽

Computing Platforms

In recent years, attribute-based encryption (ABE) has been widely applied in mobile computing, cloud computing, and the Internet of things, for supporting flexible and fine-grained access control of sensitive data. In this paper, we present a novel attribute-based encryption scheme that is based on bilinear pairing over Barreto and Naehrig curves (BN-curves). The identity-based encryption scheme SM9, which is a Chinese commercial cryptographic standard and a forthcoming part of ISO/IEC11770-3, has been used as the fundamental building block, and thus we first introduce SM9 and present our SM9 implementation in details. Subsequently, we propose the design and implementation of the ABE scheme. Moreover, we also develop a hybrid ABE for achieving lower ciphertext expansion rate when the size of access structure or plaintext is large. The performance and energy consumption of the implementation of the proposed ABE and its hybrid version are evaluated with a workstation, a PC, a smart phone, and an embedded device. The experimental results indicated that our schemes work well on various computing platforms. Moreover, the proposed schemes and their implementations would benefit developers in building applications that fulfill the regulatory compliance with the Chinese commercial cryptographic standard since there is no existing ABE scheme compatible with any Chinese cryptographic standard.

Download Full-text

Data Security for Cloud Datasets With Bloom Filters on Ciphertext Policy Attribute Based Encryption

International Journal of Information Security and Privacy ◽

10.4018/ijisp.2019100102 ◽

2019 ◽

Vol 13 (4) ◽

pp. 12-27

Author(s):

G. Sravan Kumar ◽

A. Sri Krishna

Keyword(s):

Access Control ◽

Data Storage ◽

Private Information ◽

Data Security ◽

Bloom Filters ◽

Communication Overhead ◽

Access Policy ◽

Fine Grained ◽

Attribute Based Encryption ◽

Ciphertext Policy

Cloud data storage environments allow the data providers to store and share large amounts of datasets generated from various resources. However, outsourcing private data to a cloud server is insecure without an efficient access control strategy. Thus, it is important to protect the data and privacy of user with a fine-grained access control policy. In this article, a Bloom Filter-based Ciphertext-Policy Attribute-Based Encryption (BF-CP-ABE) technique is presented to provide data security to cloud datasets with a Linear Secret Sharing Structure (LSSS) access policy. This fine-grained access control scheme hides the whole attribute set in the ciphertext, whereas in previous CP-ABE methods, the attributes are partially hidden in the ciphertext which in turn leaks private information about the user. Since the attribute set of the BF-CP-ABE technique is hidden, bloom filters are used to identify the authorized users during data decryption. The BF-CP-ABE technique is designed to be selective secure under an Indistinguishable-Chosen Plaintext attack and the simulation results show that the communication overhead is significantly reduced with the adopted LSSS access policy.

Download Full-text

Multi-security-level cloud storage system based on improved proxy re-encryption

EURASIP Journal on Wireless Communications and Networking ◽

10.1186/s13638-019-1614-y ◽

2019 ◽

Vol 2019 (1) ◽

Author(s):

Jinan Shen ◽

Xuejian Deng ◽

Zhenwu Xu

Keyword(s):

Performance Optimization ◽

Cloud Storage ◽

Storage System ◽

Security Requirements ◽

Control Factor ◽

Security Level ◽

Fine Grained ◽

Attribute Based Encryption ◽

And Performance ◽

Heterogeneous Cloud

AbstractBased on the characteristics and data security requirements of the cloud environment, we present a scheme for a multi-security-level cloud storage system that is combined with AES symmetric encryption and an improved identity-based proxy re-encryption (PRE) algorithm. Our optimization includes support for fine-grained control and performance optimization. Through a combination of attribute-based encryption methods, we add a fine-grained control factor to our algorithm in which each authorization operation is only valid for a single factor. By reducing the number of bilinear mappings, which are the most time-consuming processes, we achieve our aim of optimizing performance. Last but not least, we implement secure data sharing among heterogeneous cloud systems. As shown in experiment, our proposed multi-security-level cloud storage system implements services such as the direct storage of data, transparent AES encryption, PRE protection that supports fine-grained and ciphertext heterogeneous transformation, and other functions such as authentication and data management. In terms of performance, we achieve time-cost reductions of 29.8% for the entire process, 48.3% for delegation and 47.2% for decryption.

Download Full-text

An Efficient ECC-Based CP-ABE Scheme for Power IoT

Processes ◽

10.3390/pr9071176 ◽

2021 ◽

Vol 9 (7) ◽

pp. 1176

Author(s):

Rui Cheng ◽

Kehe Wu ◽

Yuling Su ◽

Wei Li ◽

Wenchao Cui ◽

...

Keyword(s):

Access Control ◽

Elliptic Curve Cryptography ◽

Energy Production ◽

Control Function ◽

Rapid Development ◽

Bilinear Pairing ◽

Security And Privacy ◽

Fine Grained ◽

Attribute Based Encryption ◽

Ciphertext Policy

The rapid development of the power Internet of Things (IoT) has greatly enhanced the level of security, quality and efficiency in energy production, energy consumption, and related fields. However, it also puts forward higher requirements for the security and privacy of data. Ciphertext-policy attribute-based encryption (CP-ABE) is considered a suitable method to solve this issue and can implement fine-grained access control. However, its internal bilinear pairing operation is too expensive, which is not suitable for power IoT with limited computing resources. Hence, in this paper, a novel CP-ABE scheme based on elliptic curve cryptography (ECC) is proposed, which replaces the bilinear pairing operation with simple scalar multiplication and outsources most of the decryption work to edge devices. In addition, time and location attributes are combined in the proposed scheme, allowing the data users to access only within the range of time and locations set by the data owners to achieve a more fine-grained access control function. Simultaneously, the scheme uses multiple authorities to manage attributes, thereby solving the performance bottleneck of having a single authority. A performance analysis demonstrates that the proposed scheme is effective and suitable for power IoT.

Download Full-text

Hierarchical authority based weighted attribute encryption scheme

Computer Science and Information Systems ◽

10.2298/csis180912027t ◽

2019 ◽

Vol 16 (3) ◽

pp. 797-813

Author(s):

Qiuting Tian ◽

Dezhi Han ◽

Yanmei Jiang

Keyword(s):

Data Storage ◽

Cloud Storage ◽

Encryption Scheme ◽

Storage Security ◽

Fine Grained ◽

Security Proof ◽

Attribute Based Encryption ◽

Encryption Schemes ◽

And Performance ◽

Cloud Storage Environment

With the development of cloud storage technology, data storage security has become increasingly serious. Aiming at the problem that existing attribute-based encryption schemes do not consider hierarchical authorities and the weight of attribute. A hierarchical authority based weighted attribute encryption scheme is proposed. This scheme will introduce hierarchical authorities and the weight of attribute into the encryption scheme, so that the authorities have a hierarchical relationship and different attributes have different importance. At the same time, the introduction of the concept of weight makes this scheme more flexible in the cloud storage environment and enables fine-grained access control. In addition, this scheme implements an online/offline encryption mechanism to improve the security of stored data. Security proof and performance analysis show that the scheme is safe and effective, and it can resist collusion attacks by many malicious users and authorization centers. It is more suitable for cloud storage environments than other schemes.

Download Full-text

Accessing Dynamic Health Records using KVertex Search Scheme Model towards Hierarchical Users mod Obscure Servers

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.c5237.098319 ◽

2019 ◽

Vol 8 (3) ◽

pp. 3474-3479

Keyword(s):

Data Retrieval ◽

Security Systems ◽

Health Records ◽

Precise Data ◽

Cipher Text ◽

Equivalent Time ◽

Attribute Based Encryption ◽

Data Owner ◽

Data User ◽

Encryption Schemes

Improvement appertaining to automations paved a major way to the security systems which in turn revamps the quality and instigates services. In order to alleviate those challenges, attribute based encryption schemes have also ideated solutions to control contrivances. This proposed system accords the description of k vertex leading in the access control using encoded data over scrutinizing encryption model at the equivalent time stage. The K vertex is incapable of precise data retrieval. Orderly to rig out these issues, k-vertex search scheme has been proffered by building up a cipher text-policy hierarchical encryption (CP-HE) swank the R score counting from descending order to enumerate the file views. The data user retrieves hold, allow along with convinced strategical provisions. The previous works define the ensemble Signature paradigm that has been taken advantage of mulct signer formats. It is ascertained to take the edge off the quantum attacks. Though the data owner involves the reclamation of data, it necessitates the demand for a group of signatures. Generation of aggregate key and the arrangement in hierarchy comprehends to tortuous ingressions which are swamped down by the R score to the corresponding k values with illustrious security in the current paper with entailment of K-vertex trapdoor (TD=(K vertex(TF) & K vertex(IDF))). The results are gauged out by TF (U) and IDF (U) besides k-vertex (IDF).

Download Full-text