A Novel File Hierarchy Access Control Scheme Using Attribute-Based Encryption

Attribute-based encryption (ABE) can keep data privacy and realize fine-grained access control. However, the notion of file hierarchy hasn't been presented until now. The problem, the multiple hierarchical files to be shared only using once encryption scheme, cannot be effectively solved. Based on the access structure layered model, a novel access control scheme about file hierarchy is proposed by using ABE to solve the problem. The proposed scheme will not only decrease the number of access structures to one, but also only require a secret key to decrypt all the authorization files. It is proved to be secure against the chosen-plaintext attack (CPA) under the decision bilinear Diffie-Hellman (DBDH) assumption. In addition, the performance analysis results indicate that the proposed scheme is efficient and practical when a large number of hierarchical files are shared.

Download Full-text

An Attribute-Based Searchable Encryption Scheme for Non-Monotonic Access Structure

Handbook of Research on Intrusion Detection Systems - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2242-4.ch013 ◽

2020 ◽

pp. 263-283 ◽

Cited By ~ 1

Author(s):

Mamta ◽

Brij B. Gupta

Keyword(s):

Access Control ◽

Searchable Encryption ◽

Access Structure ◽

Encryption Scheme ◽

Security Model ◽

Secret Key ◽

Fine Grained ◽

Diffie Hellman ◽

Attribute Based Encryption ◽

Encryption Schemes

Attribute based encryption (ABE) is a widely used technique with tremendous application in cloud computing because it provides fine-grained access control capability. Owing to this property, it is emerging as a popular technique in the area of searchable encryption where the fine-grained access control is used to determine the search capabilities of a user. But, in the searchable encryption schemes developed using ABE it is assumed that the access structure is monotonic which contains AND, OR and threshold gates. Many ABE schemes have been developed for non-monotonic access structure which supports NOT gate, but this is the first attempt to develop a searchable encryption scheme for the same. The proposed scheme results in fast search and generates secret key and search token of constant size and also the ciphertext components are quite fewer than the number of attributes involved. The proposed scheme is proven secure against chosen keyword attack (CKA) in selective security model under Decisional Bilinear Diffie-Hellman (DBDH) assumption.

Download Full-text

Efficient Attribute-Based Data Sharing Scheme with Hidden Access Structures

The Computer Journal ◽

10.1093/comjnl/bxz052 ◽

2019 ◽

Vol 62 (12) ◽

pp. 1748-1760 ◽

Cited By ~ 2

Author(s):

Yang Chen ◽

Wenmin Li ◽

Fei Gao ◽

Wei Yin ◽

Kaitai Liang ◽

...

Keyword(s):

Access Control ◽

Data Sharing ◽

Inner Product ◽

Access Structure ◽

Online Data ◽

Fine Grained ◽

Access Structures ◽

Attribute Based Encryption ◽

And Performance ◽

Ciphertext Policy

AbstractOnline data sharing has become a research hotspot while cloud computing is getting more and more popular. As a promising encryption technique to guarantee the security shared data and to realize flexible fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has drawn wide attentions. However, there is a drawback preventing CP-ABE from being applied to cloud applications. In CP-ABE, the access structure is included in the ciphertext, and it may disclose user’s privacy. In this paper, we find a more efficient method to connect ABE with inner product encryption and adopt several techniques to ensure the expressiveness of access structure, the efficiency and security of our scheme. We are the first to present a secure, efficient fine-grained access control scheme with hidden access structure, the access structure can be expressed as AND-gates on multi-valued attributes with wildcard. We conceal the entire attribute instead of only its values in the access structure. Besides, our scheme has obvious advantages in efficiency compared with related schemes. Our scheme can make data sharing secure and efficient, which can be verified from the analysis of security and performance.

Download Full-text

Privacy-Preserving and Efficient Public Key Encryption with Keyword Search Based on CP-ABE in Cloud

Cryptography ◽

10.3390/cryptography4040028 ◽

2020 ◽

Vol 4 (4) ◽

pp. 28

Author(s):

Yunhong Zhou ◽

Shihui Zheng ◽

Licheng Wang

Keyword(s):

Access Control ◽

Data Privacy ◽

Keyword Search ◽

Good Method ◽

Privacy Preserving ◽

Public Key ◽

Public Key Encryption ◽

Encrypted Data ◽

Fine Grained ◽

Attribute Based Encryption

In the area of searchable encryption, public key encryption with keyword search (PEKS) has been a critically important and promising technique which provides secure search over encrypted data in cloud computing. PEKS can protect user data privacy without affecting the usage of the data stored in the untrusted cloud server environment. However, most of the existing PEKS schemes concentrate on data users’ rich search functionalities, regardless of their search permission. Attribute-based encryption technology is a good method to solve the security issues, which provides fine-grained access control to the encrypted data. In this paper, we propose a privacy-preserving and efficient public key encryption with keyword search scheme by using the ciphertext-policy attribute-based encryption (CP-ABE) technique to support both fine-grained access control and keyword search over encrypted data simultaneously. We formalize the security definition, and prove that our scheme achieves selective indistinguishability security against an adaptive chosen keyword attack. Finally, we present the performance analysis in terms of theoretical analysis and experimental analysis, and demonstrate the efficiency of our scheme.

Download Full-text

Server-Aided Revocable Attribute-Based Encryption from Lattices

Security and Communication Networks ◽

10.1155/2020/1460531 ◽

2020 ◽

Vol 2020 ◽

pp. 1-13

Author(s):

Xingting Dong ◽

Yanhua Zhang ◽

Baocang Wang ◽

Jiangshan Chen

Keyword(s):

Access Control ◽

Standard Model ◽

Secret Key ◽

Bilinear Maps ◽

Encrypted Data ◽

Fine Grained ◽

Attribute Based Encryption ◽

The Standard Model ◽

Learning With Errors

Attribute-based encryption (ABE) can support a fine-grained access control to encrypted data. When the user’s secret-key is compromised, the ABE system has to revoke its decryption privileges to prevent the leakage of encrypted data. Although there are many constructions about revocable ABE from bilinear maps, the situation with lattice-based constructions is less satisfactory, and a few efforts were made to close this gap. In this work, we propose the first lattice-based server-aided revocable attribute-based encryption (SR-ABE) scheme and thus the first such construction that is believed to be quantum resistant. In the standard model, our scheme is proved to be secure based on the hardness of the Learning With Errors (LWE) problem.

Download Full-text

A Survey on Security Models for Data Privacy in Big Data Analytics

Asian Journal of Computer Science and Technology ◽

10.51983/ajcst-2018.7.s1.1798 ◽

2018 ◽

Vol 7 (S1) ◽

pp. 87-89

Author(s):

Avula Satya Sai Kumar ◽

S. Mohan ◽

R. Arunkumar

Keyword(s):

Big Data ◽

Access Control ◽

Data Analytics ◽

Data Privacy ◽

Big Data Analytics ◽

Private Key ◽

Access Structures ◽

Security Models ◽

Attribute Based Encryption ◽

And Performance

As emerging data world like Google and Wikipedia, volume of the data growing gradually for centralization and provide high availability. The storing and retrieval in large volume of data is specialized with the big data techniques. In addition to the data management, big data techniques should need more concentration on the security aspects and data privacy when the data deals with authorized and confidential. It is to provide secure encryption and access control in centralized data through Attribute Based Encryption (ABE) Algorithm. A set of most descriptive attributes is used as categorize to produce secret private key and performs access control. Several works proposed in existing based on the different access structures of ABE algorithms. Thus the algorithms and the proposed applications are literally surveyed and detailed explained and also discuss the functionalities and performance aspects comparison for desired ABE systems.

Download Full-text

A Fine-Grained IoT Data Access Control Scheme Combining Attribute-Based Encryption and Blockchain

Security and Communication Networks ◽

10.1155/2021/5308206 ◽

2021 ◽

Vol 2021 ◽

pp. 1-13

Author(s):

Xiaofeng Lu ◽

Songbing Fu ◽

Cheng Jiang ◽

Pietro Lio

Keyword(s):

Access Control ◽

Distributed Storage ◽

Data Access ◽

Security And Privacy ◽

Privacy And Security ◽

Fine Grained ◽

Blockchain Technology ◽

Data Access Control ◽

Attribute Based Encryption ◽

Control Scheme

IoT technology has been widely valued and applied, and the resulting massive IoT data brings many challenges to the traditional centralized data management, such as performance, privacy, and security challenges. This paper proposes an IoT data access control scheme that combines attribute-based encryption (ABE) and blockchain technology. Symmetric encryption and ABE algorithms are utilized to realize fine-grained access control and ensure the security and openness of IoT data. Moreover, blockchain technology is combined with distributed storage to solve the storage bottleneck of blockchain systems. Only the hash values of the data, the hash values of the ciphertext location, the access control policy, and other important information are stored on the blockchain. In this scheme, smart contract is used to implement access control. The results of experiments demonstrate that the proposed scheme can effectively protect the security and privacy of IoT data and realize the secure sharing of data.

Download Full-text

An efficient attribute-based hierarchical data access control scheme in cloud computing

Human-centric Computing and Information Sciences ◽

10.1186/s13673-020-00255-5 ◽

2020 ◽

Vol 10 (1) ◽

Author(s):

Heng He ◽

Liang-han Zheng ◽

Peng Li ◽

Li Deng ◽

Li Huang ◽

...

Keyword(s):

Cloud Computing ◽

Access Control ◽

High Performance ◽

Data Access ◽

Fine Grained ◽

Security Issues ◽

Access Structures ◽

Data Access Control ◽

Control Scheme ◽

Access Requirement

AbstractSecurity issues in cloud computing have become a hot topic in academia and industry, and CP-ABE is an effective solution for managing and protecting data. When data is shared in cloud computing, they usually have multiple access structures that have hierarchical relationships. However, existing CP-ABE algorithms do not consider such relationships and just require data owners to generate multiple ciphertexts to meet the hierarchical access requirement, which would incur substantial computation overheads. To achieve fine-grained access control of multiple hierarchical files effectively, first we propose an efficient hierarchical CP-ABE algorithm whose access structure is linear secret sharing scheme. Moreover, we construct an attribute-based hierarchical access control scheme, namely AHAC. In our scheme, when a data visitor’s attributes match a part of the access control structure, he can decrypt the data that associate with this part. The experiments show that AHAC has good security and high performance. Furthermore, when the quantity of encrypted data files increases, the superiority of AHAC will be more significant.

Download Full-text

An Improved Ciphertext-Policy Attribute-Based Encryption Scheme in Power Cloud Access Control

Applied Sciences ◽

10.3390/app8101836 ◽

2018 ◽

Vol 8 (10) ◽

pp. 1836

Author(s):

Yuancheng Li ◽

Pan Zhang ◽

Boyan Wang

Keyword(s):

Access Control ◽

Automatic Generation ◽

Access Structure ◽

Efficient Operation ◽

Time Consumption ◽

Fine Grained ◽

Attribute Based Encryption ◽

Control Schemes ◽

Symmetric Key ◽

Ciphertext Policy

In power cloud environment, the existing Ciphertext-Policy Attribute-Based Encryption (CP-ABE) access control schemes, do not consider the generation of access structure and the existence of malicious users. To tackle these problems, a power cloud access control (PCAC) scheme is proposed, which improves the traditional CP-ABE access control model. Considering the heavy time consumption of CP-ABE, PCAC encrypts the symmetric key, instead of the raw data. PCAC combines the access tree and linear secret-sharing scheme (LSSS) to achieve the automatic generation and efficient operation of access structure. Additionally, an action audit phase, based on zero-knowledge verification was designed to defend against malicious users. The experiments proved that PCAC meets the requirement of fine-grained access control, in a power cloud. Compared with existing CP-ABE schemes, the PCAC scheme reduced about half of the time consumption, in the action audit phase and costs about one-third the time, in the data obtainment stage.

Download Full-text

An Efficient Key-Policy Attribute-Based Encryption Scheme with Constant Ciphertext Length

Mathematical Problems in Engineering ◽

10.1155/2013/810969 ◽

2013 ◽

Vol 2013 ◽

pp. 1-7 ◽

Cited By ~ 9

Author(s):

Changji Wang ◽

Jianfa Luo

Keyword(s):

Bilinear Pairing ◽

Security And Privacy ◽

Sensitive Data ◽

Fine Grained ◽

Access Structures ◽

Promising Tool ◽

Diffie Hellman ◽

Attribute Based Encryption ◽

Cryptographic Primitive ◽

Key Policy

There is an acceleration of adoption of cloud computing among enterprises. However, moving the infrastructure and sensitive data from trusted domain of the data owner to public cloud will pose severe security and privacy risks. Attribute-based encryption (ABE) is a new cryptographic primitive which provides a promising tool for addressing the problem of secure and fine-grained data sharing and decentralized access control. Key-policy attribute-based encryption (KP-ABE) is an important type of ABE, which enables senders to encrypt messages under a set of attributes and private keys are associated with access structures that specify which ciphertexts the key holder will be allowed to decrypt. In most existing KP-ABE scheme, the ciphertext size grows linearly with the number of attributes embedded in ciphertext. In this paper, we propose a new KP-ABE construction with constant ciphertext size. In our construction, the access policy can be expressed as any monotone access structure. Meanwhile, the ciphertext size is independent of the number of ciphertext attributes, and the number of bilinear pairing evaluations is reduced to a constant. We prove that our scheme is semantically secure in the selective-set model based on the general Diffie-Hellman exponent assumption.

Download Full-text

Research on Ciphertext-Policy Attribute-Based Encryption with Attribute Level User Revocation in Cloud Storage

Mathematical Problems in Engineering ◽

10.1155/2017/4070616 ◽

2017 ◽

Vol 2017 ◽

pp. 1-12 ◽

Cited By ~ 3

Author(s):

Guangbo Wang ◽

Jianhua Wang

Keyword(s):

Access Control ◽

Cloud Storage ◽

Control Policy ◽

Attribute Level ◽

Fine Grained ◽

Computational Load ◽

Diffie Hellman ◽

Attribute Based Encryption ◽

Important Challenge ◽

Ciphertext Policy

Attribute-based encryption (ABE) scheme is more and more widely used in the cloud storage, which can achieve fine-grained access control. However, it is an important challenge to solve dynamic user and attribute revocation in the original scheme. In order to solve this problem, this paper proposes a ciphertext-policy ABE (CP-ABE) scheme which can achieve attribute level user attribution. In this scheme, if some attribute is revoked, then the ciphertext corresponding to this attribute will be updated so that only the individuals whose attributes meet the access control policy and have not been revoked will be able to carry out the key updating and decrypt the ciphertext successfully. This scheme is proved selective-structure secure based on the q-Parallel Bilinear Diffie-Hellman Exponent (BDHE) assumption in the standard model. Finally, the performance analysis and experimental verification have been carried out in this paper, and the experimental results show that, compared with the existing revocation schemes, although our scheme increases the computational load of storage service provider (CSP) in order to achieve the attribute revocation, it does not need the participation of attribute authority (AA), which reduces the computational load of AA. Moreover, the user does not need any additional parameters to achieve the attribute revocation except for the private key, thus saving the storage space greatly.

Download Full-text