Dynamic Policy Attribute Based Encryption and its Application in Generic Construction of Multi-Keyword Search

Attribute based encryption (ABE) is an encryption technique which provides a good solution to the security issues in the cloud environment. Through ABE, a data owner can achieve the fine-grained sharing of data encrypted under attributes or an access policy which they possess. The relation among these attributes is represented by the access policy which is expressed as an access tree. In this article, the authors first present an ABE scheme which supports frequent changes in the access tree and hence, it is named a dynamic policy ABE. Also, the proposed scheme generates secret keys of constant size which can save bandwidth. The proposed scheme is based on key-policy design and supports monotonic access structure that consists of AND, OR and Threshold gates. Inspired by the proposed dynamic policy ABE scheme the authors then present a multi-keyword search scheme which inherits all the features of the proposed ABE scheme. Therefore, it provides a constant size trapdoor and support for fast search. The construction of a multi-keyword search scheme is generic in nature and any ABE scheme can be converted to the multi-keyword search scheme using the transformation method given in the paper. Finally, the proposed schemes are proven to be secure under Decisional Bilinear Diffie-Hellman (DBDH) assumption.

Download Full-text

Secure Fine-Grained Keyword Search With Efficient User Revocation and Traitor Tracing in the Cloud

Journal of Organizational and End User Computing ◽

10.4018/joeuc.2020100106 ◽

2020 ◽

Vol 32 (4) ◽

pp. 112-137

Author(s):

Mamta ◽

Brij B. Gupta

Keyword(s):

Keyword Search ◽

Policy Design ◽

Security Model ◽

Secret Key ◽

Fine Grained ◽

Multiple Data ◽

Attribute Based Encryption ◽

Data User ◽

User Revocation ◽

Access Rights

Fine-grained searching is an important feature in multi-user cloud environment and a combination of attribute-based encryption (ABE) and searchable encryption (SE) is used to facilitate it. This combination provides a powerful tool where multiple data owners can share their data with multiple data users in an independent and differential manner. In this article, the authors have used key-policy design framework of attribute-based encryption to construct the multi-keyword search scheme where access rights assigned to a data user are associated with his/her secret key. This leads to a situation where a data user can abuse his secret key to distribute it illegally to the unauthorized users to perform search over the shared data which is not intended for him/her. Therefore, to track such kind of key abusers the authors have embedded an extra functionality of tracing the traitors. For this purpose, each user is assigned a unique identity in the form of binary string where each bit represents an attribute related to his identity. In addition to the normal attributes, the access structure of a user also possesses identity-related attributes which are hidden from the user along with some normal attributes. Hence, the proposed scheme supports partial anonymity. Further, in the event of user revocation the proposed scheme efficiently handles the system update process by delegating the computationally intensive tasks to the cloud server. Finally, the proposed scheme is proved secure under Decisional Bilinear Diffie-Hellman (DBDH) assumption and decision linear assumption in the selective security model.

Download Full-text

Multiauthority Attribute-Based Encryption with Traceable and Dynamic Policy Updating

Security and Communication Networks ◽

10.1155/2021/6661450 ◽

2021 ◽

Vol 2021 ◽

pp. 1-13

Author(s):

Jie Ling ◽

Junwei Chen ◽

Jiahui Chen ◽

Wensheng Gan

Keyword(s):

Cloud Storage ◽

Storage Security ◽

Access Policy ◽

Fine Grained ◽

Security Models ◽

Attribute Based Encryption ◽

Dynamic Policy ◽

Ciphertext Policy ◽

Experimental Comparisons ◽

Better Than

Ciphertext policy attribute-based encryption (CP-ABE) is an encryption mechanism that can provide fine-grained access control and adequate cloud storage security for Internet of Things (IoTs). In this field, the original CP-ABE scheme usually has only a single trusted authority, which will become a bottleneck in IoTs. In addition, different users may illegally share their private keys to obtain improper benefits. Besides, the data owners also require the flexibility to change their access policy. In this paper, we construct a multiauthority CP-ABE scheme on prime order groups over a large attribute universe. Our scheme can support white-box traceability along with policy updates to solve the abovementioned three problems and, thus, can fix the potential requirements of IoTs. More precisely, the proposed scheme supports multiple authority, white box traceability, large attribute domains, access policy updates, and high expressiveness. We prove that our designed scheme is static secure and traceable secure based on the state-of-the-art security models. Moreover, by theoretical comparison, our scheme has better performance than other schemes. Finally, extensive experimental comparisons show that our proposed algorithm can be better than the baseline algorithms.

Download Full-text

Traceable Attribute-Based Secure Data Sharing with Hidden Policies in Mobile Health Networks

Mobile Information Systems ◽

10.1155/2020/3984048 ◽

2020 ◽

Vol 2020 ◽

pp. 1-12

Author(s):

Xueyan Liu ◽

Yukun Luo ◽

Xiaotao Yang

Keyword(s):

Bilinear Pairing ◽

Health Networks ◽

Access Policy ◽

Fine Grained ◽

Attribute Based Encryption ◽

Data Owner ◽

Data User ◽

Efficient Scheme ◽

And Performance ◽

The One

The growing need to store, share, and manage medical and health records has resulted in electronic medical health sharing system (mHealth), which provides intelligent medical treatment for people. Attribute-based encryption (ABE) is regarded as a new cryptology to enhance fine-grained access control over encrypted sharing data in mHealth. However, some existing attribute-based mHealth systems not only violate the one-to-many application characteristics of attribute-based encryption mechanism but also destroy the anonymity of user. In this study, an efficient scheme is proposed to tackle the above defaults and offer two-way anonymity of data owner and data user by introducing a pseudoidentity. The computation of hidden access policy is reduced by removing the bilinear pairing, whereas the interaction between cloud storage and data user is avoided to save bandwidth during trapdoor generation. We also consider the temporal factor of the uploaded information by introducing access validity. Security and performance analyses show that the proposed scheme is efficient without reducing security.

Download Full-text

A Lightweight Fine-Grained Search Scheme over Encrypted Data in Cloud-Assisted Wireless Body Area Networks

Wireless Communications and Mobile Computing ◽

10.1155/2019/9340808 ◽

2019 ◽

Vol 2019 ◽

pp. 1-12 ◽

Cited By ~ 2

Author(s):

Mingsheng Cao ◽

Luhan Wang ◽

Zhiguang Qin ◽

Chunwei Lou

Keyword(s):

Keyword Search ◽

Body Area Networks ◽

Wireless Body Area Networks ◽

Security And Privacy ◽

Body Area ◽

Encrypted Data ◽

Fine Grained ◽

Resource Limited ◽

Attribute Based Encryption ◽

Ciphertext Policy

The wireless body area networks (WBANs) have emerged as a highly promising technology that allows patients’ demographics to be collected by tiny wearable and implantable sensors. These data can be used to analyze and diagnose to improve the healthcare quality of patients. However, security and privacy preserving of the collected data is a major challenge on resource-limited WBANs devices and the urgent need for fine-grained search and lightweight access. To resolve these issues, in this paper, we propose a lightweight fine-grained search over encrypted data in WBANs by employing ciphertext policy attribute based encryption and searchable encryption technologies, of which the proposed scheme can provide resource-constraint end users with fine-grained keyword search and lightweight access simultaneously. We also formally define its security and prove that it is secure against both chosen plaintext attack and chosen keyword attack. Finally, we make a performance evaluation to demonstrate that our scheme is much more efficient and practical than the other related schemes, which makes the scheme more suitable for the real-world applications.

Download Full-text

Privacy-Preserving and Efficient Public Key Encryption with Keyword Search Based on CP-ABE in Cloud

Cryptography ◽

10.3390/cryptography4040028 ◽

2020 ◽

Vol 4 (4) ◽

pp. 28

Author(s):

Yunhong Zhou ◽

Shihui Zheng ◽

Licheng Wang

Keyword(s):

Access Control ◽

Data Privacy ◽

Keyword Search ◽

Good Method ◽

Privacy Preserving ◽

Public Key ◽

Public Key Encryption ◽

Encrypted Data ◽

Fine Grained ◽

Attribute Based Encryption

In the area of searchable encryption, public key encryption with keyword search (PEKS) has been a critically important and promising technique which provides secure search over encrypted data in cloud computing. PEKS can protect user data privacy without affecting the usage of the data stored in the untrusted cloud server environment. However, most of the existing PEKS schemes concentrate on data users’ rich search functionalities, regardless of their search permission. Attribute-based encryption technology is a good method to solve the security issues, which provides fine-grained access control to the encrypted data. In this paper, we propose a privacy-preserving and efficient public key encryption with keyword search scheme by using the ciphertext-policy attribute-based encryption (CP-ABE) technique to support both fine-grained access control and keyword search over encrypted data simultaneously. We formalize the security definition, and prove that our scheme achieves selective indistinguishability security against an adaptive chosen keyword attack. Finally, we present the performance analysis in terms of theoretical analysis and experimental analysis, and demonstrate the efficiency of our scheme.

Download Full-text

RSA-CP-IDABE: A Secure Framework for Multi-User and Multi-Owner Cloud Environment

Information ◽

10.3390/info11080382 ◽

2020 ◽

Vol 11 (8) ◽

pp. 382

Author(s):

Sonali Chandel ◽

Geng Yang ◽

Sumit Chakravarty

Keyword(s):

Low Cost ◽

Cloud Environment ◽

Cloud Data ◽

The Public ◽

Security Issues ◽

Attribute Based Encryption ◽

Man In The Middle ◽

Secret Keys ◽

Encryption Decryption ◽

Ciphertext Policy

Cloud has become one of the most widely used technologies to store data due to its availability, flexibility, and low cost. At the same time, the security, integrity, and privacy of data that needs to be stored on the cloud is the primary threat for cloud deployment. However, the increase in cloud utilization often results in the creation of a multi-user cloud environment, which requires its owners to manage and monitor the data more effectively. The security of information faces an additional threat, which is related to the increasing number of users and owners who deal with the data stored on the cloud. Many researchers have developed several frameworks and algorithms to address the security issues of the cloud environment. In the present work, a novel algorithm is proposed with the integration of Ciphertext Policy-Identity Attribute-based Encryption (CP-IDABE) and the Rivest–Shamir–Adelman (RSA) algorithm for securing the cloud. Both the owners and users are provided with the public and distinct secret keys that are generated by the Automated Certificate Authority (ACA). The attribute policy differentiates between the user and owner for accessing the cloud data. The proposed RSA-CP-IDABE algorithm also prevents the Man in the Middle (MITM) attack effectively. The performance of the proposed algorithm is evaluated for its time used for encryption, decryption, and execution for varying sizes of data. The obtained results are compared with the existing framework to show its effectiveness. The proposed algorithm can be enhanced with the revocation of privileges in the future.

Download Full-text

Data Security for Cloud Datasets With Bloom Filters on Ciphertext Policy Attribute Based Encryption

International Journal of Information Security and Privacy ◽

10.4018/ijisp.2019100102 ◽

2019 ◽

Vol 13 (4) ◽

pp. 12-27

Author(s):

G. Sravan Kumar ◽

A. Sri Krishna

Keyword(s):

Access Control ◽

Data Storage ◽

Private Information ◽

Data Security ◽

Bloom Filters ◽

Communication Overhead ◽

Access Policy ◽

Fine Grained ◽

Attribute Based Encryption ◽

Ciphertext Policy

Cloud data storage environments allow the data providers to store and share large amounts of datasets generated from various resources. However, outsourcing private data to a cloud server is insecure without an efficient access control strategy. Thus, it is important to protect the data and privacy of user with a fine-grained access control policy. In this article, a Bloom Filter-based Ciphertext-Policy Attribute-Based Encryption (BF-CP-ABE) technique is presented to provide data security to cloud datasets with a Linear Secret Sharing Structure (LSSS) access policy. This fine-grained access control scheme hides the whole attribute set in the ciphertext, whereas in previous CP-ABE methods, the attributes are partially hidden in the ciphertext which in turn leaks private information about the user. Since the attribute set of the BF-CP-ABE technique is hidden, bloom filters are used to identify the authorized users during data decryption. The BF-CP-ABE technique is designed to be selective secure under an Indistinguishable-Chosen Plaintext attack and the simulation results show that the communication overhead is significantly reduced with the adopted LSSS access policy.

Download Full-text

Ciphertext-Policy Attribute-based Encryption with Hidden Sensitive Policy from Keyword Search Techniques in Smarty City

10.21203/rs.3.rs-53313/v2 ◽

2020 ◽

Author(s):

Fei Meng ◽

Leixiao Cheng ◽

Mingqiang Wang

Keyword(s):

Smart City ◽

Keyword Search ◽

End Users ◽

The Other ◽

Sensitive Information ◽

Security Model ◽

Access Policy ◽

Attribute Based Encryption ◽

Ciphertext Policy ◽

Access Policies

Abstract Smart city greatly facilitates citizens and generates innumerable data, some of which is very private and sensitive. To protect data from unauthorized users, ciphertext-policy attribute-based encryption (CP-ABE) enables data owner to specify an access policy on encrypted data. However, There are two drawbacks in traditional CP-ABE schemes. On the one hand, the access policy is revealed in the ciphertext so that sensitive information contained in the policy is exposed to anyone who obtains the ciphertext. For example, both the plaintext and access policy of an encrypted recruitment may reveal the company’s future development plan. On the other hand, the decryption time scales linearly with the complexity of the access, which makes it unsuitable for resource-limited end users. In this paper, we propose a CP-ABE scheme with hidden sensitive policy from keyword search (KS) techniques in smart city. Specifically, we introduce a new security model chosen sensitive policy security : two access policies embedded in the ciphertext, one is public and the other is sensitive and fully hidden, only if user’s attributes satisfy the public policy, it’s possible for him/her to learn about the hidden policy, otherwise he/she cannot get any information (attribute name and its values) of it. When the user satisfies both access policies, he/she can obtain and decrypt the ciphertext. Compared with other CP-ABE schemes, our scheme exploits KS techniques to achieve more expressive and efficient, while the access policy of their schemes only work on the “AND-gate” structure or their ciphertext size or decryption time maybe super-polynomial. In addition, intelligent devices spread all over the smart city, so partial computational overhead of encryption of our scheme can be outsourced to these devices as fog nodes, while most part overhead in the decryption process is outsourced to the cloud.Therefore, our scheme is more applicable to end users with resource-constrained mobile devices. We prove our scheme to be selective secure under the decisional bilinear Diffie-Hellman (DBDH) assumption.

Download Full-text

Traceable Multiauthority Attribute-Based Encryption with Outsourced Decryption and Hidden Policy for CIoT

Wireless Communications and Mobile Computing ◽

10.1155/2021/6682580 ◽

2021 ◽

Vol 2021 ◽

pp. 1-16

Author(s):

Suhui Liu ◽

Jiguo Yu ◽

Chunqiang Hu ◽

Mengmeng Li

Keyword(s):

Data Sharing ◽

Random Oracle Model ◽

Random Oracle ◽

Fine Grained ◽

Security Issues ◽

Efficient Management ◽

Attribute Based Encryption ◽

High Efficient ◽

Efficient Data ◽

Iot Devices

Cloud-assisted Internet of Things (IoT) significantly facilitate IoT devices to outsource their data for high efficient management. Unfortunately, some unsettled security issues dramatically impact the popularity of IoT, such as illegal access and key escrow problem. Traditional public-key encryption can be used to guarantees data confidentiality, while it cannot achieve efficient data sharing. The attribute-based encryption (ABE) is the most promising way to ensure data security and to realize one-to-many fine-grained data sharing simultaneously. However, it cannot be well applied in the cloud-assisted IoT due to the complexity of its decryption and the decryption key leakage problem. To prevent the abuse of decryption rights, we propose a multiauthority ABE scheme with white-box traceability in this paper. Moreover, our scheme greatly lightens the overhead on devices by outsourcing the most decryption work to the cloud server. Besides, fully hidden policy is implemented to protect the privacy of the access policy. Our scheme is proved to be selectively secure against replayable chosen ciphertext attack (RCCA) under the random oracle model. Some theory analysis and simulation are described in the end.

Download Full-text

A CP-ABE Scheme Supporting Arithmetic Span Programs

Security and Communication Networks ◽

10.1155/2020/3265871 ◽

2020 ◽

Vol 2020 ◽

pp. 1-16

Author(s):

Chao Ma ◽

Haiying Gao ◽

Duo Wei

Keyword(s):

Computing Environment ◽

Cloud Computing Environment ◽

Fine Grained ◽

Access Structures ◽

Attribute Based Encryption ◽

Experimental Sequence ◽

Secret Keys ◽

Span Programs ◽

Ciphertext Policy ◽

Access Policies

Attribute-based encryption achieves fine-grained access control, especially in a cloud computing environment. In a ciphertext-policy attribute-based encryption (CP-ABE) scheme, the ciphertexts are associated with the access policies, while the secret keys are determined by the attributes. In recent years, people have tried to find more effective access structures to improve the efficiency of encryption systems. This paper presents a ciphertext-policy attribute-based encryption scheme that supports arithmetic span programs. On the composite-order bilinear group, the security of the scheme is proven by experimental sequence based on the combination of composite-order bilinear entropy expansion lemma and subgroup decision (SD) assumption. And, it is an adaptively secure scheme with constant-size public parameters.

Download Full-text