CP-ABE Access Control Scheme for Sensitive Data Set Constraint with Hidden Access Policy and Constraint Policy

CP-ABE (Ciphertext-Policy Attribute-Based Encryption) with hidden access control policy enables data owners to share their encrypted data using cloud storage with authorized users while keeping the access control policies blinded. However, a mechanism to prevent users from achieving successive access to a data owner’s certain number of data objects, which present a conflict of interest or whose combination thereof is sensitive, has yet to be studied. In this paper, we analyze the underlying relations among these particular data objects, introduce the concept of the sensitive data set constraint, and propose a CP-ABE access control scheme with hidden attributes for the sensitive data set constraint. This scheme incorporates extensible, partially hidden constraint policy. In our scheme, due to the separation of duty principle, the duties of enforcing the access control policy and the constraint policy are divided into two independent entities to enhance security. The hidden constraint policy provides flexibility in that the data owner can partially change the sensitive data set constraint structure after the system has been set up.

[1]  Bruno Crispo,et al.  ESPOONERBAC: Enforcing security policies in outsourced environments , 2013, Comput. Secur..

[2]  Jason Crampton,et al.  Specifying and enforcing constraints in role-based access control , 2003, SACMAT '03.

[3]  Robert H. Deng,et al.  Fully Secure Cipertext-Policy Hiding CP-ABE , 2011, ISPEC.

[4]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[5]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[6]  Melissa Chase,et al.  Multi-authority Attribute Based Encryption , 2007, TCC.

[7]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[8]  Michael J. Nash,et al.  The Chinese Wall security policy , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[9]  Naomie Salim,et al.  Evaluation of data mining features, features taxonomies and their applications , 2017 .

[10]  Ian Goldberg,et al.  Pairing-Based Onion Routing , 2007, Privacy Enhancing Technologies.

[11]  Kazuki Yoneyama,et al.  Attribute-Based Encryption with Partially Hidden Encryptor-Specified Access Structures , 2008, ACNS.

[12]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[13]  K. Zaman Constraints Specification in Attribute Based Access Control , 2013 .

[14]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[15]  Nurmamat Helil,et al.  Attribute based access control constraint based on subject similarity , 2014, 2014 IEEE Workshop on Advanced Research and Technology in Industry Applications (WARTIA).

[16]  Nurmamat Helil,et al.  Risky permission set based access control constraint , 2016 .

[17]  Ravi S. Sandhu,et al.  Role-Based Access Control , 1998, Adv. Comput..

[18]  Junbeom Hur,et al.  Attribute-Based Secure Data Sharing with Hidden Policies in Smart Grid , 2013, IEEE Transactions on Parallel and Distributed Systems.

[19]  Robert H. Deng,et al.  Expressive CP-ABE with partially hidden access structures , 2012, ASIACCS '12.

[20]  Wenjing Lou,et al.  Attribute-based content distribution with hidden policy , 2008, 2008 4th Workshop on Secure Network Protocols.

[21]  Alireza Sharifi,et al.  Least-restrictive enforcement of the Chinese wall security policy , 2013, SACMAT '13.

[22]  Mukesh Singhal,et al.  Information flow control in cloud computing , 2010, 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2010).

[23]  Elisa Bertino,et al.  A generalized temporal role-based access control model , 2005, IEEE Transactions on Knowledge and Data Engineering.

[24]  Åhman,et al.  Secret Sharing Scheme Based Approach for Access Control Constraint against Similar Users ’ Collusive Attack , 2016 .

[25]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[26]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[27]  Sushil Jajodia,et al.  Over-encryption: Management of Access Control Evolution on Outsourced Data , 2007, VLDB.

[28]  Sushil Jajodia,et al.  Encryption policies for regulating access to outsourced data , 2010, TODS.

[29]  David A. Basin,et al.  Separation of duties as a service , 2011, ASIACCS '11.

[30]  Bruno Crispo,et al.  ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.