Data Security for Cloud Datasets With Bloom Filters on Ciphertext Policy Attribute Based Encryption

Cloud data storage environments allow the data providers to store and share large amounts of datasets generated from various resources. However, outsourcing private data to a cloud server is insecure without an efficient access control strategy. Thus, it is important to protect the data and privacy of user with a fine-grained access control policy. In this article, a Bloom Filter-based Ciphertext-Policy Attribute-Based Encryption (BF-CP-ABE) technique is presented to provide data security to cloud datasets with a Linear Secret Sharing Structure (LSSS) access policy. This fine-grained access control scheme hides the whole attribute set in the ciphertext, whereas in previous CP-ABE methods, the attributes are partially hidden in the ciphertext which in turn leaks private information about the user. Since the attribute set of the BF-CP-ABE technique is hidden, bloom filters are used to identify the authorized users during data decryption. The BF-CP-ABE technique is designed to be selective secure under an Indistinguishable-Chosen Plaintext attack and the simulation results show that the communication overhead is significantly reduced with the adopted LSSS access policy.

Download Full-text

Efficient Attribute-Based Data Sharing Scheme with Hidden Access Structures

The Computer Journal ◽

10.1093/comjnl/bxz052 ◽

2019 ◽

Vol 62 (12) ◽

pp. 1748-1760 ◽

Cited By ~ 2

Author(s):

Yang Chen ◽

Wenmin Li ◽

Fei Gao ◽

Wei Yin ◽

Kaitai Liang ◽

...

Keyword(s):

Access Control ◽

Data Sharing ◽

Inner Product ◽

Access Structure ◽

Online Data ◽

Fine Grained ◽

Access Structures ◽

Attribute Based Encryption ◽

And Performance ◽

Ciphertext Policy

AbstractOnline data sharing has become a research hotspot while cloud computing is getting more and more popular. As a promising encryption technique to guarantee the security shared data and to realize flexible fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has drawn wide attentions. However, there is a drawback preventing CP-ABE from being applied to cloud applications. In CP-ABE, the access structure is included in the ciphertext, and it may disclose user’s privacy. In this paper, we find a more efficient method to connect ABE with inner product encryption and adopt several techniques to ensure the expressiveness of access structure, the efficiency and security of our scheme. We are the first to present a secure, efficient fine-grained access control scheme with hidden access structure, the access structure can be expressed as AND-gates on multi-valued attributes with wildcard. We conceal the entire attribute instead of only its values in the access structure. Besides, our scheme has obvious advantages in efficiency compared with related schemes. Our scheme can make data sharing secure and efficient, which can be verified from the analysis of security and performance.

Download Full-text

Fine-grained user access control in ciphertext-policy attribute-based encryption

Security and Communication Networks ◽

10.1002/sec.345 ◽

2011 ◽

Vol 5 (3) ◽

pp. 253-261 ◽

Cited By ~ 6

Author(s):

Junbeom Hur ◽

Chanil Park ◽

Seong Oun Hwang

Keyword(s):

Access Control ◽

Fine Grained ◽

Attribute Based Encryption ◽

User Access ◽

Ciphertext Policy

Download Full-text

Ciphertext-Policy Weighted Attribute Based Encryption for Fine-Grained Access Control

2013 5th International Conference on Intelligent Networking and Collaborative Systems ◽

10.1109/incos.2013.18 ◽

2013 ◽

Cited By ~ 8

Author(s):

Ximeng Liu ◽

Jianfeng Ma ◽

Jinbo Xiong ◽

Qi Li ◽

Jun Ma

Keyword(s):

Access Control ◽

Fine Grained ◽

Attribute Based Encryption ◽

Ciphertext Policy

Download Full-text

Research on Access Control Based on CP-ABE Algorithm and Cloud Computing

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.513-517.2273 ◽

2014 ◽

Vol 513-517 ◽

pp. 2273-2276

Author(s):

Shao Min Zhang ◽

Jun Ran ◽

Bao Yi Wang

Keyword(s):

Cloud Computing ◽

Access Control ◽

Control Policy ◽

Massive Data ◽

Access Control Policy ◽

Fine Grained ◽

Network Bandwidth ◽

Private Key ◽

Attribute Based Encryption ◽

Ciphertext Policy

Ciphertext-Policy Attribute-based encryption (CP-ABE) mechanism is an extension of attribute-based encryption which associates the ciphertext and user's private key with the attribute by taking the attribute as a public key. It makes the representation of the access control policy more flexible, thus greatly reduces the network bandwidth and processing overhead of sending node brought by fine-grained access control of data sharing. According to the principle of CP-ABE encryption mechanism for this mechanism, an improved cloud computing-based encryption algorithm was proposed in this paper to overcome the deficiencies of permission changing process under the massive data. Experimental results show that compared with traditional methods, the new mechanism significantly reduces time-consuming.

Download Full-text

An Efficient ECC-Based CP-ABE Scheme for Power IoT

Processes ◽

10.3390/pr9071176 ◽

2021 ◽

Vol 9 (7) ◽

pp. 1176

Author(s):

Rui Cheng ◽

Kehe Wu ◽

Yuling Su ◽

Wei Li ◽

Wenchao Cui ◽

...

Keyword(s):

Access Control ◽

Elliptic Curve Cryptography ◽

Energy Production ◽

Control Function ◽

Rapid Development ◽

Bilinear Pairing ◽

Security And Privacy ◽

Fine Grained ◽

Attribute Based Encryption ◽

Ciphertext Policy

The rapid development of the power Internet of Things (IoT) has greatly enhanced the level of security, quality and efficiency in energy production, energy consumption, and related fields. However, it also puts forward higher requirements for the security and privacy of data. Ciphertext-policy attribute-based encryption (CP-ABE) is considered a suitable method to solve this issue and can implement fine-grained access control. However, its internal bilinear pairing operation is too expensive, which is not suitable for power IoT with limited computing resources. Hence, in this paper, a novel CP-ABE scheme based on elliptic curve cryptography (ECC) is proposed, which replaces the bilinear pairing operation with simple scalar multiplication and outsources most of the decryption work to edge devices. In addition, time and location attributes are combined in the proposed scheme, allowing the data users to access only within the range of time and locations set by the data owners to achieve a more fine-grained access control function. Simultaneously, the scheme uses multiple authorities to manage attributes, thereby solving the performance bottleneck of having a single authority. A performance analysis demonstrates that the proposed scheme is effective and suitable for power IoT.

Download Full-text

Securing E-health Data using Ciphertext-Policy Attribute-Based Encryption with Dynamic User Revocation

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.c6309.098319 ◽

2019 ◽

Vol 8 (3) ◽

pp. 7244-7250

Keyword(s):

Access Control ◽

Service Providers ◽

Health Data ◽

Security And Privacy ◽

Unique Identifier ◽

Fine Grained ◽

Attribute Based Encryption ◽

User Revocation ◽

Role Based ◽

Ciphertext Policy

E-health systems hold a massive amount of medical data that is stored and shared across healthcare service providers to deliver health facilities. However, security and privacy worries increase when sharing this data over distributed settings. As a result, Cryptography techniques have been considered to secure e-health data from unauthorized access. The Ciphertext Policy Attribute-Based Encryption (CP-ABE) is commonly utilized in such a setting, which provides role-based and fine-grained access control over encrypted data. The CP-ABE suffers from the problem of user revocation where the entire policy must be changed even when only one user is revoked or removed from the policy. In this paper, we proposed a CP-ABE based access control model to support user revocation efficiently. Specifically, the proposed model associates a unique identifier to each user. This identifier is added to the policy attributes and removed dynamically when the user is added/revoked. A tree structure (PolicyPathTree) is designed specifically for our model. It can facilitate fast access to policy's attributes during the verification process; The model is analyzed using Information Theory Tools. Results show that our model outperforms other notable work in terms of computational overheads.,

Download Full-text

Towards Virtuous Cloud Data Storage Using Access Policy Hiding in Ciphertext Policy Attribute-Based Encryption

Future Internet ◽

10.3390/fi13110279 ◽

2021 ◽

Vol 13 (11) ◽

pp. 279

Author(s):

Siti Dhalila Mohd Satar ◽

Masnida Hussin ◽

Zurina Mohd Hanapi ◽

Mohamad Afendee Mohamed

Keyword(s):

Data Storage ◽

Cloud Storage ◽

Security Analysis ◽

Data Access ◽

Logical Connective ◽

Encrypted Data ◽

Cloud Data ◽

Access Policy ◽

Attribute Based Encryption ◽

Ciphertext Policy

Managing and controlling access to the tremendous data in Cloud storage is very challenging. Due to various entities engaged in the Cloud environment, there is a high possibility of data tampering. Cloud encryption is being employed to control data access while securing Cloud data. The encrypted data are sent to Cloud storage with an access policy defined by the data owner. Only authorized users can decrypt the encrypted data. However, the access policy of the encrypted data is in readable form, which results in privacy leakage. To address this issue, we proposed a reinforcement hiding in access policy over Cloud storage by enhancing the Ciphertext Policy Attribute-based Encryption (CP-ABE) algorithm. Besides the encryption process, the reinforced CP-ABE used logical connective operations to hide the attribute value of data in the access policy. These attributes were converted into scrambled data along with a ciphertext form that provides a better unreadability feature. It means that a two-level concealed tactic is employed to secure data from any unauthorized access during a data transaction. Experimental results revealed that our reinforced CP-ABE had a low computational overhead and consumed low storage costs. Furthermore, a case study on security analysis shows that our approach is secure against a passive attack such as traffic analysis.

Download Full-text

A Privacy Preserving and Efficient Multi Authority – CP-ABE Scheme for Secure Cloud Communication

Journal of Cyber Security and Mobility ◽

10.13052/jcsm2245-1439.945 ◽

2021 ◽

Author(s):

Shardha Porwal ◽

Sangeeta Mittal

Keyword(s):

Communication Overhead ◽

Computing Environment ◽

Constant Length ◽

Cloud Computing Environment ◽

Key Escrow ◽

Access Policy ◽

Attribute Based Encryption ◽

Encryption And Decryption ◽

Share Data ◽

Ciphertext Policy

In the cloud computing environment, Multi authority Ciphertext Policy-Attribute Based Encryption (CP-ABE) schemes are used as a key escrow free solution to securely and efficiently share data over cloud. However, the length of ciphertext in existing Multi Authority-CP-ABE schemes increases with the number of attributes in the access policy. Moreover, these schemes do not protect against dishonest attribute authorities. In this paper, a constant length ciphertext Multi Authority-CP-ABE scheme is proposed that reduces the communication overhead over the network. The scheme also prevents dishonest authority from compromising the system. Apart from this, for enhanced privacy of receivers, the access policy is communicated in hidden form. Thus, the presented scheme provides an efficient corrupt resistant, key escrow free Multi Authority-CP-ABE scheme by generating constant length ciphertext and hidden access structure. Results demonstrate the enhanced security and reduced cost of encryption and decryption by 8% and 48% respectively as compared to other existing works.

Download Full-text