Secure Fine-Grained Keyword Search With Efficient User Revocation and Traitor Tracing in the Cloud

Fine-grained searching is an important feature in multi-user cloud environment and a combination of attribute-based encryption (ABE) and searchable encryption (SE) is used to facilitate it. This combination provides a powerful tool where multiple data owners can share their data with multiple data users in an independent and differential manner. In this article, the authors have used key-policy design framework of attribute-based encryption to construct the multi-keyword search scheme where access rights assigned to a data user are associated with his/her secret key. This leads to a situation where a data user can abuse his secret key to distribute it illegally to the unauthorized users to perform search over the shared data which is not intended for him/her. Therefore, to track such kind of key abusers the authors have embedded an extra functionality of tracing the traitors. For this purpose, each user is assigned a unique identity in the form of binary string where each bit represents an attribute related to his identity. In addition to the normal attributes, the access structure of a user also possesses identity-related attributes which are hidden from the user along with some normal attributes. Hence, the proposed scheme supports partial anonymity. Further, in the event of user revocation the proposed scheme efficiently handles the system update process by delegating the computationally intensive tasks to the cloud server. Finally, the proposed scheme is proved secure under Decisional Bilinear Diffie-Hellman (DBDH) assumption and decision linear assumption in the selective security model.

Download Full-text

An Attribute-Based Searchable Encryption Scheme for Non-Monotonic Access Structure

Handbook of Research on Intrusion Detection Systems - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2242-4.ch013 ◽

2020 ◽

pp. 263-283 ◽

Cited By ~ 1

Author(s):

Mamta ◽

Brij B. Gupta

Keyword(s):

Access Control ◽

Searchable Encryption ◽

Access Structure ◽

Encryption Scheme ◽

Security Model ◽

Secret Key ◽

Fine Grained ◽

Diffie Hellman ◽

Attribute Based Encryption ◽

Encryption Schemes

Attribute based encryption (ABE) is a widely used technique with tremendous application in cloud computing because it provides fine-grained access control capability. Owing to this property, it is emerging as a popular technique in the area of searchable encryption where the fine-grained access control is used to determine the search capabilities of a user. But, in the searchable encryption schemes developed using ABE it is assumed that the access structure is monotonic which contains AND, OR and threshold gates. Many ABE schemes have been developed for non-monotonic access structure which supports NOT gate, but this is the first attempt to develop a searchable encryption scheme for the same. The proposed scheme results in fast search and generates secret key and search token of constant size and also the ciphertext components are quite fewer than the number of attributes involved. The proposed scheme is proven secure against chosen keyword attack (CKA) in selective security model under Decisional Bilinear Diffie-Hellman (DBDH) assumption.

Download Full-text

Dynamic Policy Attribute Based Encryption and its Application in Generic Construction of Multi-Keyword Search

International Journal of E-Services and Mobile Applications ◽

10.4018/ijesma.2019100102 ◽

2019 ◽

Vol 11 (4) ◽

pp. 16-38 ◽

Cited By ~ 7

Author(s):

Mamta ◽

Brij B. Gupta ◽

Syed Taqi Ali

Keyword(s):

Keyword Search ◽

Policy Design ◽

Transformation Method ◽

Access Policy ◽

Fine Grained ◽

Security Issues ◽

Constant Size ◽

Attribute Based Encryption ◽

Secret Keys ◽

Dynamic Policy

Attribute based encryption (ABE) is an encryption technique which provides a good solution to the security issues in the cloud environment. Through ABE, a data owner can achieve the fine-grained sharing of data encrypted under attributes or an access policy which they possess. The relation among these attributes is represented by the access policy which is expressed as an access tree. In this article, the authors first present an ABE scheme which supports frequent changes in the access tree and hence, it is named a dynamic policy ABE. Also, the proposed scheme generates secret keys of constant size which can save bandwidth. The proposed scheme is based on key-policy design and supports monotonic access structure that consists of AND, OR and Threshold gates. Inspired by the proposed dynamic policy ABE scheme the authors then present a multi-keyword search scheme which inherits all the features of the proposed ABE scheme. Therefore, it provides a constant size trapdoor and support for fast search. The construction of a multi-keyword search scheme is generic in nature and any ABE scheme can be converted to the multi-keyword search scheme using the transformation method given in the paper. Finally, the proposed schemes are proven to be secure under Decisional Bilinear Diffie-Hellman (DBDH) assumption.

Download Full-text

Ciphertext-policy attribute-based encryption with hidden sensitive policy from keyword search techniques in smart city

EURASIP Journal on Wireless Communications and Networking ◽

10.1186/s13638-020-01875-2 ◽

2021 ◽

Vol 2021 (1) ◽

Author(s):

Fei Meng ◽

Leixiao Cheng ◽

Mingqiang Wang

Keyword(s):

Smart City ◽

Keyword Search ◽

Sensitive Information ◽

Security Model ◽

Computational Overhead ◽

Diffie Hellman ◽

Attribute Based Encryption ◽

Iot Devices ◽

Ciphertext Policy ◽

Access Policies

AbstractCountless data generated in Smart city may contain private and sensitive information and should be protected from unauthorized users. The data can be encrypted by Attribute-based encryption (CP-ABE), which allows encrypter to specify access policies in the ciphertext. But, traditional CP-ABE schemes are limited because of two shortages: the access policy is public i.e., privacy exposed; the decryption time is linear with the complexity of policy, i.e., huge computational overheads. In this work, we introduce a novel method to protect the privacy of CP-ABE scheme by keyword search (KS) techniques. In detail, we define a new security model called chosen sensitive policy security: two access policies embedded in the ciphertext, one is public and the other is sensitive and hidden. If user's attributes don't satisfy the public policy, he/she cannot get any information (attribute name and its values) of the hidden one. Previous CP-ABE schemes with hidden policy only work on the “AND-gate” access structure or their ciphertext size or decryption time maybe super-polynomial. Our scheme is more expressive and compact. Since, IoT devices spread all over the smart city, so the computational overhead of encryption and decryption can be shifted to third parties. Therefore, our scheme is more applicable to resource-constrained users. We prove our scheme to be selective secure under the decisional bilinear Diffie-Hellman (DBDH) assumption.

Download Full-text

Traceable Attribute-Based Secure Data Sharing with Hidden Policies in Mobile Health Networks

Mobile Information Systems ◽

10.1155/2020/3984048 ◽

2020 ◽

Vol 2020 ◽

pp. 1-12

Author(s):

Xueyan Liu ◽

Yukun Luo ◽

Xiaotao Yang

Keyword(s):

Bilinear Pairing ◽

Health Networks ◽

Access Policy ◽

Fine Grained ◽

Attribute Based Encryption ◽

Data Owner ◽

Data User ◽

Efficient Scheme ◽

And Performance ◽

The One

The growing need to store, share, and manage medical and health records has resulted in electronic medical health sharing system (mHealth), which provides intelligent medical treatment for people. Attribute-based encryption (ABE) is regarded as a new cryptology to enhance fine-grained access control over encrypted sharing data in mHealth. However, some existing attribute-based mHealth systems not only violate the one-to-many application characteristics of attribute-based encryption mechanism but also destroy the anonymity of user. In this study, an efficient scheme is proposed to tackle the above defaults and offer two-way anonymity of data owner and data user by introducing a pseudoidentity. The computation of hidden access policy is reduced by removing the bilinear pairing, whereas the interaction between cloud storage and data user is avoided to save bandwidth during trapdoor generation. We also consider the temporal factor of the uploaded information by introducing access validity. Security and performance analyses show that the proposed scheme is efficient without reducing security.

Download Full-text

Server-Aided Revocable Predicate Encryption: Formalization and Lattice-Based Instantiation

The Computer Journal ◽

10.1093/comjnl/bxz079 ◽

2019 ◽

Vol 62 (12) ◽

pp. 1849-1862

Author(s):

San Ling ◽

Khoa Nguyen ◽

Huaxiong Wang ◽

Juanyang Zhang

Keyword(s):

Third Party ◽

Fine Grained ◽

Attribute Based Encryption ◽

The Standard Model ◽

User Revocation ◽

Promising Solution ◽

Identity Based ◽

Role Based ◽

Predicate Encryption ◽

Learning With Errors Problem

Abstract Efficient user revocation is a necessary but challenging problem in many multi-user cryptosystems. Among known approaches, server-aided revocation yields a promising solution, because it allows to outsource the major workloads of system users to a computationally powerful third party, called the server, whose only requirement is to carry out the computations correctly. Such a revocation mechanism was considered in the settings of identity-based encryption and attribute-based encryption by Qin et al. (2015, ESORICS) and Cui et al. (2016, ESORICS ), respectively. In this work, we consider the server-aided revocation mechanism in the more elaborate setting of predicate encryption (PE). The latter, introduced by Katz et al. (2008, EUROCRYPT), provides fine-grained and role-based access to encrypted data and can be viewed as a generalization of identity-based and attribute-based encryption. Our contribution is 2-fold. First, we formalize the model of server-aided revocable PE (SR-PE), with rigorous definitions and security notions. Our model can be seen as a non-trivial adaptation of Cui et al.’s work into the PE context. Second, we put forward a lattice-based instantiation of SR-PE. The scheme employs the PE scheme of Agrawal et al. (2011, ASIACRYPT) and the complete subtree method of Naor et al. (2001, CRYPTO) as the two main ingredients, which work smoothly together thanks to a few additional techniques. Our scheme is proven secure in the standard model (in a selective manner), based on the hardness of the learning with errors problem.

Download Full-text

A Lightweight Fine-Grained Search Scheme over Encrypted Data in Cloud-Assisted Wireless Body Area Networks

Wireless Communications and Mobile Computing ◽

10.1155/2019/9340808 ◽

2019 ◽

Vol 2019 ◽

pp. 1-12 ◽

Cited By ~ 2

Author(s):

Mingsheng Cao ◽

Luhan Wang ◽

Zhiguang Qin ◽

Chunwei Lou

Keyword(s):

Keyword Search ◽

Body Area Networks ◽

Wireless Body Area Networks ◽

Security And Privacy ◽

Body Area ◽

Encrypted Data ◽

Fine Grained ◽

Resource Limited ◽

Attribute Based Encryption ◽

Ciphertext Policy

The wireless body area networks (WBANs) have emerged as a highly promising technology that allows patients’ demographics to be collected by tiny wearable and implantable sensors. These data can be used to analyze and diagnose to improve the healthcare quality of patients. However, security and privacy preserving of the collected data is a major challenge on resource-limited WBANs devices and the urgent need for fine-grained search and lightweight access. To resolve these issues, in this paper, we propose a lightweight fine-grained search over encrypted data in WBANs by employing ciphertext policy attribute based encryption and searchable encryption technologies, of which the proposed scheme can provide resource-constraint end users with fine-grained keyword search and lightweight access simultaneously. We also formally define its security and prove that it is secure against both chosen plaintext attack and chosen keyword attack. Finally, we make a performance evaluation to demonstrate that our scheme is much more efficient and practical than the other related schemes, which makes the scheme more suitable for the real-world applications.

Download Full-text

Privacy-Preserving and Efficient Public Key Encryption with Keyword Search Based on CP-ABE in Cloud

Cryptography ◽

10.3390/cryptography4040028 ◽

2020 ◽

Vol 4 (4) ◽

pp. 28

Author(s):

Yunhong Zhou ◽

Shihui Zheng ◽

Licheng Wang

Keyword(s):

Access Control ◽

Data Privacy ◽

Keyword Search ◽

Good Method ◽

Privacy Preserving ◽

Public Key ◽

Public Key Encryption ◽

Encrypted Data ◽

Fine Grained ◽

Attribute Based Encryption

In the area of searchable encryption, public key encryption with keyword search (PEKS) has been a critically important and promising technique which provides secure search over encrypted data in cloud computing. PEKS can protect user data privacy without affecting the usage of the data stored in the untrusted cloud server environment. However, most of the existing PEKS schemes concentrate on data users’ rich search functionalities, regardless of their search permission. Attribute-based encryption technology is a good method to solve the security issues, which provides fine-grained access control to the encrypted data. In this paper, we propose a privacy-preserving and efficient public key encryption with keyword search scheme by using the ciphertext-policy attribute-based encryption (CP-ABE) technique to support both fine-grained access control and keyword search over encrypted data simultaneously. We formalize the security definition, and prove that our scheme achieves selective indistinguishability security against an adaptive chosen keyword attack. Finally, we present the performance analysis in terms of theoretical analysis and experimental analysis, and demonstrate the efficiency of our scheme.

Download Full-text

Server-Aided Revocable Attribute-Based Encryption from Lattices

Security and Communication Networks ◽

10.1155/2020/1460531 ◽

2020 ◽

Vol 2020 ◽

pp. 1-13

Author(s):

Xingting Dong ◽

Yanhua Zhang ◽

Baocang Wang ◽

Jiangshan Chen

Keyword(s):

Access Control ◽

Standard Model ◽

Secret Key ◽

Bilinear Maps ◽

Encrypted Data ◽

Fine Grained ◽

Attribute Based Encryption ◽

The Standard Model ◽

Learning With Errors

Attribute-based encryption (ABE) can support a fine-grained access control to encrypted data. When the user’s secret-key is compromised, the ABE system has to revoke its decryption privileges to prevent the leakage of encrypted data. Although there are many constructions about revocable ABE from bilinear maps, the situation with lattice-based constructions is less satisfactory, and a few efforts were made to close this gap. In this work, we propose the first lattice-based server-aided revocable attribute-based encryption (SR-ABE) scheme and thus the first such construction that is believed to be quantum resistant. In the standard model, our scheme is proved to be secure based on the hardness of the Learning With Errors (LWE) problem.

Download Full-text

A Novel File Hierarchy Access Control Scheme Using Attribute-Based Encryption

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.701-702.911 ◽

2014 ◽

Vol 701-702 ◽

pp. 911-918 ◽

Cited By ~ 1

Author(s):

Shu Lan Wang ◽

Jian Ping Yu ◽

Peng Zhang ◽

Ping Wang

Keyword(s):

Access Control ◽

Data Privacy ◽

Access Structure ◽

Secret Key ◽

Chosen Plaintext Attack ◽

Fine Grained ◽

Access Structures ◽

Diffie Hellman ◽

Attribute Based Encryption ◽

Control Scheme

Attribute-based encryption (ABE) can keep data privacy and realize fine-grained access control. However, the notion of file hierarchy hasn't been presented until now. The problem, the multiple hierarchical files to be shared only using once encryption scheme, cannot be effectively solved. Based on the access structure layered model, a novel access control scheme about file hierarchy is proposed by using ABE to solve the problem. The proposed scheme will not only decrease the number of access structures to one, but also only require a secret key to decrypt all the authorization files. It is proved to be secure against the chosen-plaintext attack (CPA) under the decision bilinear Diffie-Hellman (DBDH) assumption. In addition, the performance analysis results indicate that the proposed scheme is efficient and practical when a large number of hierarchical files are shared.

Download Full-text

Ciphertext-Policy Attribute-based Encryption with Hidden Sensitive Policy from Keyword Search Techniques in Smarty City

10.21203/rs.3.rs-53313/v2 ◽

2020 ◽

Author(s):

Fei Meng ◽

Leixiao Cheng ◽

Mingqiang Wang

Keyword(s):

Smart City ◽

Keyword Search ◽

End Users ◽

The Other ◽

Sensitive Information ◽

Security Model ◽

Access Policy ◽

Attribute Based Encryption ◽

Ciphertext Policy ◽

Access Policies

Abstract Smart city greatly facilitates citizens and generates innumerable data, some of which is very private and sensitive. To protect data from unauthorized users, ciphertext-policy attribute-based encryption (CP-ABE) enables data owner to specify an access policy on encrypted data. However, There are two drawbacks in traditional CP-ABE schemes. On the one hand, the access policy is revealed in the ciphertext so that sensitive information contained in the policy is exposed to anyone who obtains the ciphertext. For example, both the plaintext and access policy of an encrypted recruitment may reveal the company’s future development plan. On the other hand, the decryption time scales linearly with the complexity of the access, which makes it unsuitable for resource-limited end users. In this paper, we propose a CP-ABE scheme with hidden sensitive policy from keyword search (KS) techniques in smart city. Specifically, we introduce a new security model chosen sensitive policy security : two access policies embedded in the ciphertext, one is public and the other is sensitive and fully hidden, only if user’s attributes satisfy the public policy, it’s possible for him/her to learn about the hidden policy, otherwise he/she cannot get any information (attribute name and its values) of it. When the user satisfies both access policies, he/she can obtain and decrypt the ciphertext. Compared with other CP-ABE schemes, our scheme exploits KS techniques to achieve more expressive and efficient, while the access policy of their schemes only work on the “AND-gate” structure or their ciphertext size or decryption time maybe super-polynomial. In addition, intelligent devices spread all over the smart city, so partial computational overhead of encryption of our scheme can be outsourced to these devices as fog nodes, while most part overhead in the decryption process is outsourced to the cloud.Therefore, our scheme is more applicable to end users with resource-constrained mobile devices. We prove our scheme to be selective secure under the decisional bilinear Diffie-Hellman (DBDH) assumption.

Download Full-text