
Multi-authority attribute-based encryption access control scheme with policy hidden for cloud storage. (English) Zbl 1381.94112

Summary: To realize flexible, scalable and fuzzy fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) schemes have been widely used in cloud storage systems. However, the access structure of a CP-ABE scheme is outsourced to the cloud storage server, resulting in the disclosure of access policy privacy. In addition, multiple authorities coexist in the cloud storage system, and each authority is able to issue attributes independently. However, existing CP-ABE schemes cannot be directly applied to data access control for multi-authority cloud storage systems, due to the inefficiency of user revocation. In this paper, to cope with these challenges, we propose a decentralized multi-authority CP-ABE access control scheme, which is more practical for supporting user revocation. In addition, this scheme can protect data privacy and access policy privacy with the policy hidden in the cloud storage system. Here, the access policy is realized by employing a linear secret sharing scheme. Finally, the security and performance analyses demonstrate that our scheme has high security in terms of access policy privacy and efficiency in terms of the computational cost of user revocation.

MSC:

94A62 Authentication, digital signatures and secret sharing
94A60 Cryptography
68P25 Data encryption (aspects in computer science)
