Multiauthority Attribute-Based Encryption with Traceable and Dynamic Policy Updating

Ciphertext policy attribute-based encryption (CP-ABE) is an encryption mechanism that can provide fine-grained access control and adequate cloud storage security for Internet of Things (IoTs). In this field, the original CP-ABE scheme usually has only a single trusted authority, which will become a bottleneck in IoTs. In addition, different users may illegally share their private keys to obtain improper benefits. Besides, the data owners also require the flexibility to change their access policy. In this paper, we construct a multiauthority CP-ABE scheme on prime order groups over a large attribute universe. Our scheme can support white-box traceability along with policy updates to solve the abovementioned three problems and, thus, can fix the potential requirements of IoTs. More precisely, the proposed scheme supports multiple authority, white box traceability, large attribute domains, access policy updates, and high expressiveness. We prove that our designed scheme is static secure and traceable secure based on the state-of-the-art security models. Moreover, by theoretical comparison, our scheme has better performance than other schemes. Finally, extensive experimental comparisons show that our proposed algorithm can be better than the baseline algorithms.

Download Full-text

Current Issues in Ciphertext Policy-Attribute Based Scheme for Cloud Computing: A Survey

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i2.15.11215 ◽

2018 ◽

Vol 7 (2.15) ◽

pp. 64

Author(s):

Norhidayah Muhammad ◽

Jasni Mohamad Zain ◽

Mumtazimah Mohamad

Keyword(s):

Cloud Computing ◽

Cloud Storage ◽

Fine Grained ◽

The Past ◽

Attribute Based Encryption ◽

Key Policy ◽

The Common ◽

Ciphertext Policy ◽

Server Maintenance ◽

Better Than

The use of cloud computing has increased exponentially in data resources storage over the past few years. Cloud storage reduces the overall costs of server maintenance, whereby companies only pay for the resources they actually use in the cloud storage. Despite this, security concerns in cloud computing must be a top priority. One of the common encryption methods in cloud security is Attribute Based Encryption (ABE). ABE contains two types, namely, Ciphertext Policy-Attribute Based Encryption (CP-ABE) and Key Policy- Attribute based Encryption (KP-ABE). CP-ABE is better than KP-ABE, especially in reduplication issues and fine-grained access. However, issues in CP_ABE need further improvement. Improvement for the CP-ABE scheme has been growing rapidly since 2010 to date, and five main issues need improvement. This paper reviews the proposed CP-ABE schemes during the past three years. These schemes focus on solving the five issues identified inherent in the CP-ABE scheme.

Download Full-text

Data Security for Cloud Datasets With Bloom Filters on Ciphertext Policy Attribute Based Encryption

International Journal of Information Security and Privacy ◽

10.4018/ijisp.2019100102 ◽

2019 ◽

Vol 13 (4) ◽

pp. 12-27

Author(s):

G. Sravan Kumar ◽

A. Sri Krishna

Keyword(s):

Access Control ◽

Data Storage ◽

Private Information ◽

Data Security ◽

Bloom Filters ◽

Communication Overhead ◽

Access Policy ◽

Fine Grained ◽

Attribute Based Encryption ◽

Ciphertext Policy

Cloud data storage environments allow the data providers to store and share large amounts of datasets generated from various resources. However, outsourcing private data to a cloud server is insecure without an efficient access control strategy. Thus, it is important to protect the data and privacy of user with a fine-grained access control policy. In this article, a Bloom Filter-based Ciphertext-Policy Attribute-Based Encryption (BF-CP-ABE) technique is presented to provide data security to cloud datasets with a Linear Secret Sharing Structure (LSSS) access policy. This fine-grained access control scheme hides the whole attribute set in the ciphertext, whereas in previous CP-ABE methods, the attributes are partially hidden in the ciphertext which in turn leaks private information about the user. Since the attribute set of the BF-CP-ABE technique is hidden, bloom filters are used to identify the authorized users during data decryption. The BF-CP-ABE technique is designed to be selective secure under an Indistinguishable-Chosen Plaintext attack and the simulation results show that the communication overhead is significantly reduced with the adopted LSSS access policy.

Download Full-text

Hierarchical authority based weighted attribute encryption scheme

Computer Science and Information Systems ◽

10.2298/csis180912027t ◽

2019 ◽

Vol 16 (3) ◽

pp. 797-813

Author(s):

Qiuting Tian ◽

Dezhi Han ◽

Yanmei Jiang

Keyword(s):

Data Storage ◽

Cloud Storage ◽

Encryption Scheme ◽

Storage Security ◽

Fine Grained ◽

Security Proof ◽

Attribute Based Encryption ◽

Encryption Schemes ◽

And Performance ◽

Cloud Storage Environment

With the development of cloud storage technology, data storage security has become increasingly serious. Aiming at the problem that existing attribute-based encryption schemes do not consider hierarchical authorities and the weight of attribute. A hierarchical authority based weighted attribute encryption scheme is proposed. This scheme will introduce hierarchical authorities and the weight of attribute into the encryption scheme, so that the authorities have a hierarchical relationship and different attributes have different importance. At the same time, the introduction of the concept of weight makes this scheme more flexible in the cloud storage environment and enables fine-grained access control. In addition, this scheme implements an online/offline encryption mechanism to improve the security of stored data. Security proof and performance analysis show that the scheme is safe and effective, and it can resist collusion attacks by many malicious users and authorization centers. It is more suitable for cloud storage environments than other schemes.

Download Full-text

Towards Virtuous Cloud Data Storage Using Access Policy Hiding in Ciphertext Policy Attribute-Based Encryption

Future Internet ◽

10.3390/fi13110279 ◽

2021 ◽

Vol 13 (11) ◽

pp. 279

Author(s):

Siti Dhalila Mohd Satar ◽

Masnida Hussin ◽

Zurina Mohd Hanapi ◽

Mohamad Afendee Mohamed

Keyword(s):

Data Storage ◽

Cloud Storage ◽

Security Analysis ◽

Data Access ◽

Logical Connective ◽

Encrypted Data ◽

Cloud Data ◽

Access Policy ◽

Attribute Based Encryption ◽

Ciphertext Policy

Managing and controlling access to the tremendous data in Cloud storage is very challenging. Due to various entities engaged in the Cloud environment, there is a high possibility of data tampering. Cloud encryption is being employed to control data access while securing Cloud data. The encrypted data are sent to Cloud storage with an access policy defined by the data owner. Only authorized users can decrypt the encrypted data. However, the access policy of the encrypted data is in readable form, which results in privacy leakage. To address this issue, we proposed a reinforcement hiding in access policy over Cloud storage by enhancing the Ciphertext Policy Attribute-based Encryption (CP-ABE) algorithm. Besides the encryption process, the reinforced CP-ABE used logical connective operations to hide the attribute value of data in the access policy. These attributes were converted into scrambled data along with a ciphertext form that provides a better unreadability feature. It means that a two-level concealed tactic is employed to secure data from any unauthorized access during a data transaction. Experimental results revealed that our reinforced CP-ABE had a low computational overhead and consumed low storage costs. Furthermore, a case study on security analysis shows that our approach is secure against a passive attack such as traffic analysis.

Download Full-text

Fine-Grained Access Control with Efficient Revocation in Cloud Storage

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.571-572.79 ◽

2014 ◽

Vol 571-572 ◽

pp. 79-89

Author(s):

Ting Zhong ◽

You Peng Sun ◽

Qiao Liu

Keyword(s):

Access Control ◽

Cloud Storage ◽

Storage System ◽

Fine Grained ◽

Computational Overhead ◽

Attribute Based Encryption ◽

Encrypt Data ◽

User Revocation ◽

Ciphertext Policy ◽

Access Policies

In the cloud storage system, the server is no longer trusted, which is different from the traditional storage system. Therefore, it is necessary for data owners to encrypt data before outsourcing it for sharing. Simultaneously, the enforcement of access policies and support of policies updates becomes one of the most challenging issues. Ciphertext-policy attribute-based encryption (CP-ABE) is an appropriate solution to this issue. However, it comes with a new obstacle which is the attribute and user revocation. In this paper, we propose a fine-grained access control scheme with efficient revocation based on CP-ABE approach. In the proposed scheme, we not only realize an efficient and immediate revocation, but also eliminate some burden of computational overhead. The analysis results indicate that the proposed scheme is efficient and secure for access control in cloud storage systems.

Download Full-text

A Secure Ciphertext Self-Destruction Scheme with Attribute-Based Encryption

Mathematical Problems in Engineering ◽

10.1155/2015/329626 ◽

2015 ◽

Vol 2015 ◽

pp. 1-8 ◽

Cited By ~ 1

Author(s):

Tonghao Yang ◽

Junquan Li ◽

Bin Yu

Keyword(s):

Cloud Storage ◽

Hash Table ◽

Data Encryption ◽

Distributed Hash Table ◽

Sybil Attack ◽

Sensitive Data ◽

Storage Security ◽

Fine Grained ◽

Attribute Based Encryption ◽

Efficient Data

The secure destruction of expired data is one of the important contents in the research of cloud storage security. Applying the attribute-based encryption (ABE) and the distributed hash table (DHT) technology to the process of data destruction, we propose a secure ciphertext self-destruction scheme with attribute-based encryption called SCSD. In SCSD scheme, the sensitive data is first encrypted under an access key and then the ciphertext shares are stored in the DHT network along with the attribute shares. Meanwhile, the rest of the sensitive data ciphertext and the shares of access key ciphertext constitute the encapsulated self-destruction object (EDO), which is stored in the cloud. When the sensitive data is expired, the nodes in DHT networks can automatically discard the ciphertext shares and the attribute shares, which can make the ciphertext and the access key unrecoverable. Thus, we realize secure ciphertext self-destruction. Compared with the current schemes, our SCSD scheme not only can support efficient data encryption and fine-grained access control in lifetime and secure self-destruction after expiry, but also can resist the traditional cryptanalysis attack as well as the Sybil attack in the DHT network.

Download Full-text

Modified Ciphertext-Policy Attribute-Based Encryption Scheme with Efficient Revocation for PHR System

Mathematical Problems in Engineering ◽

10.1155/2017/6808190 ◽

2017 ◽

Vol 2017 ◽

pp. 1-10 ◽

Cited By ~ 2

Author(s):

Hongying Zheng ◽

Jieming Wu ◽

Bo Wang ◽

Jianyong Chen

Keyword(s):

Cloud Storage ◽

Personal Health Record ◽

Storage System ◽

Personal Health ◽

Encryption Scheme ◽

Promising Technique ◽

Access Policy ◽

Attribute Based Encryption ◽

Role Based ◽

Ciphertext Policy

Attribute-based encryption (ABE) is considered a promising technique for cloud storage where multiple accessors may read the same file. For storage system with specific personal health record (PHR), we propose a modified ciphertext-policy attribute-based encryption scheme with expressive and flexible access policy for public domains. Our scheme supports multiauthority scenario, in which the authorities work independently without an authentication center. For attribute revocation, it can generate different update parameters for different accessors to effectively resist both accessor collusion and authority collusion. Moreover, a blacklist mechanism is designed to resist role-based collusion. Simulations show that the proposed scheme can achieve better performance with less storage occupation, computation assumption, and revocation cost compared with other schemes.

Download Full-text

Dynamic Policy Attribute Based Encryption and its Application in Generic Construction of Multi-Keyword Search

International Journal of E-Services and Mobile Applications ◽

10.4018/ijesma.2019100102 ◽

2019 ◽

Vol 11 (4) ◽

pp. 16-38 ◽

Cited By ~ 7

Author(s):

Mamta ◽

Brij B. Gupta ◽

Syed Taqi Ali

Keyword(s):

Keyword Search ◽

Policy Design ◽

Transformation Method ◽

Access Policy ◽

Fine Grained ◽

Security Issues ◽

Constant Size ◽

Attribute Based Encryption ◽

Secret Keys ◽

Dynamic Policy

Attribute based encryption (ABE) is an encryption technique which provides a good solution to the security issues in the cloud environment. Through ABE, a data owner can achieve the fine-grained sharing of data encrypted under attributes or an access policy which they possess. The relation among these attributes is represented by the access policy which is expressed as an access tree. In this article, the authors first present an ABE scheme which supports frequent changes in the access tree and hence, it is named a dynamic policy ABE. Also, the proposed scheme generates secret keys of constant size which can save bandwidth. The proposed scheme is based on key-policy design and supports monotonic access structure that consists of AND, OR and Threshold gates. Inspired by the proposed dynamic policy ABE scheme the authors then present a multi-keyword search scheme which inherits all the features of the proposed ABE scheme. Therefore, it provides a constant size trapdoor and support for fast search. The construction of a multi-keyword search scheme is generic in nature and any ABE scheme can be converted to the multi-keyword search scheme using the transformation method given in the paper. Finally, the proposed schemes are proven to be secure under Decisional Bilinear Diffie-Hellman (DBDH) assumption.

Download Full-text

Data Security for Cloud Datasets With Bloom Filters on Ciphertext Policy Attribute Based Encryption

Research Anthology on Artificial Intelligence Applications in Security ◽

10.4018/978-1-7998-7705-9.ch064 ◽

2021 ◽

pp. 1431-1447

Author(s):

G. Sravan Kumar ◽

A. Sri Krishna

Keyword(s):

Access Control ◽

Data Security ◽

Bloom Filters ◽

Communication Overhead ◽

Cloud Data ◽

Access Policy ◽

Fine Grained ◽

Attribute Based Encryption ◽

Cloud Data Storage ◽

Ciphertext Policy

Download Full-text

Research on Ciphertext-Policy Attribute-Based Encryption with Attribute Level User Revocation in Cloud Storage

Mathematical Problems in Engineering ◽

10.1155/2017/4070616 ◽

2017 ◽

Vol 2017 ◽

pp. 1-12 ◽

Cited By ~ 3

Author(s):

Guangbo Wang ◽

Jianhua Wang

Keyword(s):

Access Control ◽

Cloud Storage ◽

Control Policy ◽

Attribute Level ◽

Fine Grained ◽

Computational Load ◽

Diffie Hellman ◽

Attribute Based Encryption ◽

Important Challenge ◽

Ciphertext Policy

Attribute-based encryption (ABE) scheme is more and more widely used in the cloud storage, which can achieve fine-grained access control. However, it is an important challenge to solve dynamic user and attribute revocation in the original scheme. In order to solve this problem, this paper proposes a ciphertext-policy ABE (CP-ABE) scheme which can achieve attribute level user attribution. In this scheme, if some attribute is revoked, then the ciphertext corresponding to this attribute will be updated so that only the individuals whose attributes meet the access control policy and have not been revoked will be able to carry out the key updating and decrypt the ciphertext successfully. This scheme is proved selective-structure secure based on the q-Parallel Bilinear Diffie-Hellman Exponent (BDHE) assumption in the standard model. Finally, the performance analysis and experimental verification have been carried out in this paper, and the experimental results show that, compared with the existing revocation schemes, although our scheme increases the computational load of storage service provider (CSP) in order to achieve the attribute revocation, it does not need the participation of attribute authority (AA), which reduces the computational load of AA. Moreover, the user does not need any additional parameters to achieve the attribute revocation except for the private key, thus saving the storage space greatly.

Download Full-text