Fine-Grained Access Control with Efficient Revocation in Cloud Storage

2014 ◽  
Vol 571-572 ◽  
pp. 79-89
Author(s):  
Ting Zhong ◽  
You Peng Sun ◽  
Qiao Liu
Keyword(s):  
Access Control ◽  
Cloud Storage ◽  
Storage System ◽  
Fine Grained ◽  
Computational Overhead ◽  
Attribute Based Encryption ◽  
Encrypt Data ◽  
User Revocation ◽  
Ciphertext Policy ◽  
Access Policies

In the cloud storage system, the server is no longer trusted, which is different from the traditional storage system. Therefore, it is necessary for data owners to encrypt data before outsourcing it for sharing. Simultaneously, the enforcement of access policies and support of policies updates becomes one of the most challenging issues. Ciphertext-policy attribute-based encryption (CP-ABE) is an appropriate solution to this issue. However, it comes with a new obstacle which is the attribute and user revocation. In this paper, we propose a fine-grained access control scheme with efficient revocation based on CP-ABE approach. In the proposed scheme, we not only realize an efficient and immediate revocation, but also eliminate some burden of computational overhead. The analysis results indicate that the proposed scheme is efficient and secure for access control in cloud storage systems.

scholarly journals Securing E-health Data using Ciphertext-Policy Attribute-Based Encryption with Dynamic User Revocation

2019 ◽  
Vol 8 (3) ◽  
pp. 7244-7250
Keyword(s):  
Access Control ◽  
Service Providers ◽  
Health Data ◽  
Security And Privacy ◽  
Unique Identifier ◽  
Fine Grained ◽  
Attribute Based Encryption ◽  
User Revocation ◽  
Role Based ◽  
Ciphertext Policy

E-health systems hold a massive amount of medical data that is stored and shared across healthcare service providers to deliver health facilities. However, security and privacy worries increase when sharing this data over distributed settings. As a result, Cryptography techniques have been considered to secure e-health data from unauthorized access. The Ciphertext Policy Attribute-Based Encryption (CP-ABE) is commonly utilized in such a setting, which provides role-based and fine-grained access control over encrypted data. The CP-ABE suffers from the problem of user revocation where the entire policy must be changed even when only one user is revoked or removed from the policy. In this paper, we proposed a CP-ABE based access control model to support user revocation efficiently. Specifically, the proposed model associates a unique identifier to each user. This identifier is added to the policy attributes and removed dynamically when the user is added/revoked. A tree structure (PolicyPathTree) is designed specifically for our model. It can facilitate fast access to policy's attributes during the verification process; The model is analyzed using Information Theory Tools. Results show that our model outperforms other notable work in terms of computational overheads.,

scholarly journals Research on Ciphertext-Policy Attribute-Based Encryption with Attribute Level User Revocation in Cloud Storage

2017 ◽  
Vol 2017 ◽  
pp. 1-12 ◽  
Author(s):  
Guangbo Wang ◽  
Jianhua Wang
Keyword(s):  
Access Control ◽  
Cloud Storage ◽  
Control Policy ◽  
Attribute Level ◽  
Fine Grained ◽  
Computational Load ◽  
Diffie Hellman ◽  
Attribute Based Encryption ◽  
Important Challenge ◽  
Ciphertext Policy

Attribute-based encryption (ABE) scheme is more and more widely used in the cloud storage, which can achieve fine-grained access control. However, it is an important challenge to solve dynamic user and attribute revocation in the original scheme. In order to solve this problem, this paper proposes a ciphertext-policy ABE (CP-ABE) scheme which can achieve attribute level user attribution. In this scheme, if some attribute is revoked, then the ciphertext corresponding to this attribute will be updated so that only the individuals whose attributes meet the access control policy and have not been revoked will be able to carry out the key updating and decrypt the ciphertext successfully. This scheme is proved selective-structure secure based on the q-Parallel Bilinear Diffie-Hellman Exponent (BDHE) assumption in the standard model. Finally, the performance analysis and experimental verification have been carried out in this paper, and the experimental results show that, compared with the existing revocation schemes, although our scheme increases the computational load of storage service provider (CSP) in order to achieve the attribute revocation, it does not need the participation of attribute authority (AA), which reduces the computational load of AA. Moreover, the user does not need any additional parameters to achieve the attribute revocation except for the private key, thus saving the storage space greatly.

Efficient Data Access Control for Cloud Computing With Large Universe and Traceable Attribute-Based Encryption

2020 ◽  
Vol 9 (4) ◽  
pp. 61-81
Author(s):  
G. Sravan Kumar
Keyword(s):  
Access Control ◽  
Data Access ◽  
Fine Grained ◽  
Data Access Control ◽  
Attribute Based Encryption ◽  
Efficient Data ◽  
Commercial Applications ◽  
Setup Phase ◽  
Ciphertext Policy ◽  
Access Policies

Ciphertext-policy attribute-based encryption (CP-ABE) schemes provide fine-grained access control for the data stored in cloud computers. However, commercial CP-ABE applications need a new encryption scheme for providing two properties such as: supporting large universe attribute and traceability. First, a large universe attribute allows the attribute authority to use any number of attributes in the system. i.e., the attribute universe is dynamic, and it is not fixed at the setup phase. Second, traceable CP-ABE systems trace the dishonest users who intentionally leak the private key for their profit. In this article, a large universe CP-ABE system with white box traceability has been proposed. The attribute universe of the proposed technique is exponentially larger, and it is polynomially unbound. Further, this technique will trace the identity of users who involve in malicious activities. In addition, the proposed scheme can express any kind of monotonic tree access policies into linear secret sharing structure (LSSS). Compared with the existing schemes that are presented to achieve the same property, proposed scheme has achieved better experimental results and so it is applicable for commercial applications.

scholarly journals Ciphertext-policy attribute-based encryption with hidden sensitive policy from keyword search techniques in smart city

2021 ◽  
Vol 2021 (1) ◽  
Author(s):  
Fei Meng ◽  
Leixiao Cheng ◽  
Mingqiang Wang
Keyword(s):  
Smart City ◽  
Keyword Search ◽  
Sensitive Information ◽  
Security Model ◽  
Computational Overhead ◽  
Diffie Hellman ◽  
Attribute Based Encryption ◽  
Iot Devices ◽  
Ciphertext Policy ◽  
Access Policies

AbstractCountless data generated in Smart city may contain private and sensitive information and should be protected from unauthorized users. The data can be encrypted by Attribute-based encryption (CP-ABE), which allows encrypter to specify access policies in the ciphertext. But, traditional CP-ABE schemes are limited because of two shortages: the access policy is public i.e., privacy exposed; the decryption time is linear with the complexity of policy, i.e., huge computational overheads. In this work, we introduce a novel method to protect the privacy of CP-ABE scheme by keyword search (KS) techniques. In detail, we define a new security model called chosen sensitive policy security: two access policies embedded in the ciphertext, one is public and the other is sensitive and hidden. If user's attributes don't satisfy the public policy, he/she cannot get any information (attribute name and its values) of the hidden one. Previous CP-ABE schemes with hidden policy only work on the “AND-gate” access structure or their ciphertext size or decryption time maybe super-polynomial. Our scheme is more expressive and compact. Since, IoT devices spread all over the smart city, so the computational overhead of encryption and decryption can be shifted to third parties. Therefore, our scheme is more applicable to resource-constrained users. We prove our scheme to be selective secure under the decisional bilinear Diffie-Hellman (DBDH) assumption.

scholarly journals Ciphertext-Policy Attribute-based Encryption with Hidden Sensitive Policy for Recruitment in Smart City

2020 ◽  
Author(s):  
Fei Meng ◽  
Leixiao Cheng ◽  
Mingqiang Wang
Keyword(s):  
Smart City ◽  
End Users ◽  
The Other ◽  
Sensitive Information ◽  
Security Model ◽  
Access Policy ◽  
Computational Overhead ◽  
Attribute Based Encryption ◽  
Ciphertext Policy ◽  
Access Policies

Abstract Smart city, as a promising technical tendency, greatly facilitates citizens and generates innumerable data, some of which is very private and sensitive. To protect data from unauthorized users, ciphertext-policy attribute-based encryption (CP-ABE) enables data owner to specify an access policy on encrypted data. However, There are two drawbacks in traditional CP-ABE schemes. On the one hand, the access policy is revealed in the ciphertext so that sensitive information contained in the policy is exposed to anyone who obtains the ciphertext. For example, both the plaintext and access policy of an encrypted recruitment may reveal the company's future development plan. On the other hand, the decryption time scales linearly with the complexity of the access, which makes it unsuitable for resource-limited end users. In this paper, we propose a CP-ABE scheme with hidden sensitive policy for recruitment in smart city. Specifically, we introduce a new security model chosen sensitive policy security: two access policies embedded in the ciphertext, one is public and the other is sensitive and fully hidden, only if user's attributes satisfy the public policy, it's possible for him/her to learn about the hidden policy, otherwise he/she cannot get any information (attribute name and its values) of it. When the user satisfies both access policies, he/she can obtain and decrypt the ciphertext. Compared with other CP-ABE schemes, our scheme supports a more expressive access policy, since the access policy of their schemes only work on the ``AND-gate'' structure. In addition, intelligent devices spread all over the smart city, so partial computational overhead of encryption of our scheme can be outsourced to these devices as fog nodes, while most part overhead in the decryption process is outsourced to the cloud. Therefore, our scheme is more applicable to end users with resource-constrained mobile devices. We prove our scheme to be selective secure under the decisional bilinear Diffie-Hellman (DBDH) assumption.

Efficient Attribute-Based Data Sharing Scheme with Hidden Access Structures

2019 ◽  
Vol 62 (12) ◽  
pp. 1748-1760 ◽  
Author(s):  
Yang Chen ◽  
Wenmin Li ◽  
Fei Gao ◽  
Wei Yin ◽  
Kaitai Liang ◽  
...  
Keyword(s):  
Access Control ◽  
Data Sharing ◽  
Inner Product ◽  
Access Structure ◽  
Online Data ◽  
Fine Grained ◽  
Access Structures ◽  
Attribute Based Encryption ◽  
And Performance ◽  
Ciphertext Policy

AbstractOnline data sharing has become a research hotspot while cloud computing is getting more and more popular. As a promising encryption technique to guarantee the security shared data and to realize flexible fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has drawn wide attentions. However, there is a drawback preventing CP-ABE from being applied to cloud applications. In CP-ABE, the access structure is included in the ciphertext, and it may disclose user’s privacy. In this paper, we find a more efficient method to connect ABE with inner product encryption and adopt several techniques to ensure the expressiveness of access structure, the efficiency and security of our scheme. We are the first to present a secure, efficient fine-grained access control scheme with hidden access structure, the access structure can be expressed as AND-gates on multi-valued attributes with wildcard. We conceal the entire attribute instead of only its values in the access structure. Besides, our scheme has obvious advantages in efficiency compared with related schemes. Our scheme can make data sharing secure and efficient, which can be verified from the analysis of security and performance.

Sign in / Sign up

Export Citation Format

Share Document