A Blockchain-Based CP-ABE Scheme with Partially Hidden Access Structures

Security and Communication Networks ◽

10.1155/2021/4132597 ◽

2021 ◽

Vol 2021 ◽

pp. 1-16

Author(s):

Yang Ba ◽

Xuexian Hu ◽

Yue Chen ◽

Zenghang Hao ◽

Xuewei Li ◽

...

Keyword(s):

Access Control ◽

Data Sharing ◽

Data Storage ◽

Private Information ◽

Single Point ◽

Third Party ◽

Access Structure ◽

User Privacy ◽

Fine Grained ◽

Access Structures

Data sharing has become a key technology to break down data silos in the big data era. Ciphertext-policy attribute-based encryption (CP-ABE) is widely used in secure data-sharing schemes to realize flexible and fine-grained access control. However, in traditional CP-ABE schemes, the access structure is directly shared along with the ciphertext, potentially leading to users’ private information leakage. Outsourcing data to a centralized third party can easily result in privacy leakage and single-point bottlenecks, and the lack of transparency in data storage and sharing casts doubts whether users’ data are safe. To address these issues, we propose a blockchain-based CP-ABE scheme with partially hidden access structures (BCP-ABE-PHAS) to achieve fine-grained access control while ensuring user privacy. First, we propose an efficient CP-ABE scheme with partially hidden access structures, where the ciphertext size is constant. To assist data decryption, we design a garbled Bloom filter to help users quickly locate the position of wildcards in the access structure. Then, to improve storage efficiency and system scalability, we propose a data storage scheme that combines blockchain technology and the interplanetary file system, ensuring data integrity. Finally, we employ smart contracts for a transparent data storage and sharing process without third-party participation. Security analysis and performance evaluation show that the proposed BCP-ABE-PHAS scheme can preserve policy privacy with efficient storage and low computational overhead.

Efficient Attribute-Based Data Sharing Scheme with Hidden Access Structures

The Computer Journal ◽

10.1093/comjnl/bxz052 ◽

2019 ◽

Vol 62 (12) ◽

pp. 1748-1760 ◽

Cited By ~ 2

Author(s):

Yang Chen ◽

Wenmin Li ◽

Fei Gao ◽

Wei Yin ◽

Kaitai Liang ◽

...

Keyword(s):

Access Control ◽

Data Sharing ◽

Inner Product ◽

Access Structure ◽

Online Data ◽

Fine Grained ◽

Access Structures ◽

Attribute Based Encryption ◽

And Performance ◽

Ciphertext Policy

AbstractOnline data sharing has become a research hotspot while cloud computing is getting more and more popular. As a promising encryption technique to guarantee the security shared data and to realize flexible fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has drawn wide attentions. However, there is a drawback preventing CP-ABE from being applied to cloud applications. In CP-ABE, the access structure is included in the ciphertext, and it may disclose user’s privacy. In this paper, we find a more efficient method to connect ABE with inner product encryption and adopt several techniques to ensure the expressiveness of access structure, the efficiency and security of our scheme. We are the first to present a secure, efficient fine-grained access control scheme with hidden access structure, the access structure can be expressed as AND-gates on multi-valued attributes with wildcard. We conceal the entire attribute instead of only its values in the access structure. Besides, our scheme has obvious advantages in efficiency compared with related schemes. Our scheme can make data sharing secure and efficient, which can be verified from the analysis of security and performance.

Enabling Efficient Decentralized and Privacy Preserving Data Sharing in Mobile Cloud Computing

Wireless Communications and Mobile Computing ◽

10.1155/2021/8513869 ◽

2021 ◽

Vol 2021 ◽

pp. 1-15

Author(s):

Jiawei Zhang ◽

Ning Lu ◽

Teng Li ◽

Jianfeng Ma

Keyword(s):

Cloud Computing ◽

Access Control ◽

Mobile Devices ◽

Data Sharing ◽

Mobile Cloud Computing ◽

High Efficiency ◽

Mobile Cloud ◽

User Privacy ◽

Access Policy ◽

Fine Grained

Mobile cloud computing (MCC) is embracing rapid development these days and able to provide data outsourcing and sharing services for cloud users with pervasively smart mobile devices. Although these services bring various conveniences, many security concerns such as illegally access and user privacy leakage are inflicted. Aiming to protect the security of cloud data sharing against unauthorized accesses, many studies have been conducted for fine-grained access control using ciphertext-policy attribute-based encryption (CP-ABE). However, a practical and secure data sharing scheme that simultaneously supports fine-grained access control, large university, key escrow free, and privacy protection in MCC with expressive access policy, high efficiency, verifiability, and exculpability on resource-limited mobile devices has not been fully explored yet. Therefore, we investigate the challenge and propose an Efficient and Multiauthority Large Universe Policy-Hiding Data Sharing (EMA-LUPHDS) scheme. In this scheme, we employ fully hidden policy to preserve the user privacy in access policy. To adapt to large scale and distributed MCC environment, we optimize multiauthority CP-ABE to be compatible with large attribute universe. Meanwhile, for the efficiency purpose, online/offline and verifiable outsourced decryption techniques with exculpability are leveraged in our scheme. In the end, we demonstrate the flexibility and high efficiency of our proposal for data sharing in MCC by extensive performance evaluation.

Data Security for Cloud Datasets With Bloom Filters on Ciphertext Policy Attribute Based Encryption

International Journal of Information Security and Privacy ◽

10.4018/ijisp.2019100102 ◽

2019 ◽

Vol 13 (4) ◽

pp. 12-27

Author(s):

G. Sravan Kumar ◽

A. Sri Krishna

Keyword(s):

Access Control ◽

Data Storage ◽

Private Information ◽

Data Security ◽

Bloom Filters ◽

Communication Overhead ◽

Access Policy ◽

Fine Grained ◽

Attribute Based Encryption ◽

Ciphertext Policy

Cloud data storage environments allow the data providers to store and share large amounts of datasets generated from various resources. However, outsourcing private data to a cloud server is insecure without an efficient access control strategy. Thus, it is important to protect the data and privacy of user with a fine-grained access control policy. In this article, a Bloom Filter-based Ciphertext-Policy Attribute-Based Encryption (BF-CP-ABE) technique is presented to provide data security to cloud datasets with a Linear Secret Sharing Structure (LSSS) access policy. This fine-grained access control scheme hides the whole attribute set in the ciphertext, whereas in previous CP-ABE methods, the attributes are partially hidden in the ciphertext which in turn leaks private information about the user. Since the attribute set of the BF-CP-ABE technique is hidden, bloom filters are used to identify the authorized users during data decryption. The BF-CP-ABE technique is designed to be selective secure under an Indistinguishable-Chosen Plaintext attack and the simulation results show that the communication overhead is significantly reduced with the adopted LSSS access policy.

A Novel File Hierarchy Access Control Scheme Using Attribute-Based Encryption

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.701-702.911 ◽

2014 ◽

Vol 701-702 ◽

pp. 911-918 ◽

Cited By ~ 1

Author(s):

Shu Lan Wang ◽

Jian Ping Yu ◽

Peng Zhang ◽

Ping Wang

Keyword(s):

Access Control ◽

Data Privacy ◽

Access Structure ◽

Secret Key ◽

Chosen Plaintext Attack ◽

Fine Grained ◽

Access Structures ◽

Diffie Hellman ◽

Attribute Based Encryption ◽

Control Scheme

Attribute-based encryption (ABE) can keep data privacy and realize fine-grained access control. However, the notion of file hierarchy hasn't been presented until now. The problem, the multiple hierarchical files to be shared only using once encryption scheme, cannot be effectively solved. Based on the access structure layered model, a novel access control scheme about file hierarchy is proposed by using ABE to solve the problem. The proposed scheme will not only decrease the number of access structures to one, but also only require a secret key to decrypt all the authorization files. It is proved to be secure against the chosen-plaintext attack (CPA) under the decision bilinear Diffie-Hellman (DBDH) assumption. In addition, the performance analysis results indicate that the proposed scheme is efficient and practical when a large number of hierarchical files are shared.

An access control model for the Internet of Things based on zero-knowledge token and blockchain

EURASIP Journal on Wireless Communications and Networking ◽

10.1186/s13638-021-01986-4 ◽

2021 ◽

Vol 2021 (1) ◽

Author(s):

Lihua Song ◽

Xinran Ju ◽

Zongke Zhu ◽

Mengchen Li

Keyword(s):

Internet Of Things ◽

Access Control ◽

Single Point ◽

Control Model ◽

Third Party ◽

Security Level ◽

Zero Knowledge ◽

Access Control Model ◽

Test Analysis ◽

Zero Knowledge Proof

AbstractInformation security has become a hot topic in Internet of Things (IoT), and traditional centralized access control models are faced with threats such as single point failure, internal attack, and central leak. In this paper, we propose a model to improve the access control security of the IoT, which is based on zero-knowledge proof and smart contract technology in the blockchain. Firstly, we deploy attribute information of access control in the blockchain, which relieves the pressure and credibility problem brought by the third-party information concentration. Secondly, encrypted access control token is used to gain the access permission of the resources, which makes the user's identity invisible and effectively avoids attribute ownership exposure problem. Besides, the use of smart contracts solves the problem of low computing efficiency of IoT devices and the waste of blockchain computing power resources. Finally, a prototype of IoT access control system based on blockchain and zero-knowledge proof technology is implemented. The test analysis results show that the model achieves effective attribute privacy protection, compared with the Attribute-Based Access Control model of the same security level, the access efficiency increases linearly with the increase of access scale.

Reliable Policy Updating under Efficient Policy Hidden Fine-grained Access Control Framework for Cloud Data Sharing

IEEE Transactions on Services Computing ◽

10.1109/tsc.2021.3096177 ◽

2021 ◽

pp. 1-1

Author(s):

Zuobin Ying ◽

Wenjie Jiang ◽

Ximeng Liu ◽

Shengmin Xu ◽

Robert Deng

Keyword(s):

Access Control ◽

Data Sharing ◽

Cloud Data ◽

Fine Grained ◽

Control Framework

BaDS: Blockchain-Based Architecture for Data Sharing with ABS and CP-ABE in IoT

Wireless Communications and Mobile Computing ◽

10.1155/2018/2783658 ◽

2018 ◽

Vol 2018 ◽

pp. 1-9 ◽

Cited By ~ 13

Author(s):

Yunru Zhang ◽

Debiao He ◽

Kim-Kwang Raymond Choo

Keyword(s):

Data Sharing ◽

Consensus Algorithm ◽

Byzantine Fault Tolerance ◽

Tolerance Mechanism ◽

User Privacy ◽

Fine Grained ◽

User Data ◽

Iot Devices ◽

And Storage ◽

Inform Decision Making

Internet of Things (IoT) and cloud computing are increasingly integrated, in the sense that data collected from IoT devices (generally with limited computational and storage resources) are being sent to the cloud for processing, etc., in order to inform decision making and facilitate other operational and business activities. However, the cloud may not be a fully trusted entity, like leaking user data or compromising user privacy. Thus, we propose a privacy-preserving and user-controlled data sharing architecture with fine-grained access control, based on the blockchain model and attribute-based cryptosystem. Also, the consensus algorithm in our system is the Byzantine fault tolerance mechanism, rather than Proof of Work.

An Attribute-Based Searchable Encryption Scheme for Non-Monotonic Access Structure

Handbook of Research on Intrusion Detection Systems - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2242-4.ch013 ◽

2020 ◽

pp. 263-283 ◽

Cited By ~ 1

Author(s):

Mamta ◽

Brij B. Gupta

Keyword(s):

Access Control ◽

Searchable Encryption ◽

Access Structure ◽

Encryption Scheme ◽

Security Model ◽

Secret Key ◽

Fine Grained ◽

Diffie Hellman ◽

Attribute Based Encryption ◽

Encryption Schemes

Attribute based encryption (ABE) is a widely used technique with tremendous application in cloud computing because it provides fine-grained access control capability. Owing to this property, it is emerging as a popular technique in the area of searchable encryption where the fine-grained access control is used to determine the search capabilities of a user. But, in the searchable encryption schemes developed using ABE it is assumed that the access structure is monotonic which contains AND, OR and threshold gates. Many ABE schemes have been developed for non-monotonic access structure which supports NOT gate, but this is the first attempt to develop a searchable encryption scheme for the same. The proposed scheme results in fast search and generates secret key and search token of constant size and also the ciphertext components are quite fewer than the number of attributes involved. The proposed scheme is proven secure against chosen keyword attack (CKA) in selective security model under Decisional Bilinear Diffie-Hellman (DBDH) assumption.

Data Sharing with Fine-Grained Access Control for Multi-tenancy Cloud Storage System

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering - Cloud Computing, Security, Privacy in New Computing Environments ◽

10.1007/978-3-319-69605-8_12 ◽

2017 ◽

pp. 123-132 ◽

Cited By ~ 1

Author(s):

Zhen Li ◽

Minghao Zhao ◽

Han Jiang ◽

Qiuliang Xu

Keyword(s):

Access Control ◽

Data Sharing ◽

Cloud Storage ◽

Storage System ◽

Fine Grained

ABSAC: Attribute-Based Access Control Model Supporting Anonymous Access for Smart Cities

Security and Communication Networks ◽

10.1155/2021/5531369 ◽

2021 ◽

Vol 2021 ◽

pp. 1-11

Author(s):

Runnan Zhang ◽

Gang Liu ◽

Shancang Li ◽

Yongheng Wei ◽

Quan Wang

Keyword(s):

Internet Of Things ◽

Access Control ◽

Private Information ◽

Smart Cities ◽

Control Model ◽

User Privacy ◽

Access Control Models ◽

The Subject ◽

Attribute Based Access Control ◽

Iot Devices

Smart cities require new access control models for Internet of Things (IoT) devices that preserve user privacy while guaranteeing scalability and efficiency. Researchers believe that anonymous access can protect the private information even if the private information is not stored in authorization organization. Many attribute-based access control (ABAC) models that support anonymous access expose the attributes of the subject to the authorization organization during the authorization process, which allows the authorization organization to obtain the attributes of the subject and infer the identity of the subject. The ABAC with anonymous access proposed in this paper called ABSAC strengthens the identity-less of ABAC by combining homomorphic attribute-based signatures (HABSs) which does not send the subject attributes to the authorization organization, reducing the risk of subject identity re-identification. It is a secure anonymous access framework. Tests show that the performance of ABSAC implementation is similar to ABAC’s performance.