Compulsory traceable ciphertext-policy attribute-based encryption against privilege abuse in fog computing

Abstract: Due to the structure of fog systems, ciphertext-policy attribute-based encryption (CP-ABE) is regarded as a promising technique to address certain security problems present in the fog. Unfortunately, in most traditional CP-ABE systems, a user can deliberately leak his attribute keys to others or use his private key to build a decryption device and provide a decryption service with little risk of being caught (untraceable). We refer to this behavior as privilege abuse. The privilege abuse problem will seriously hinder the adoption of CP-ABE. To address the problem, we propose a novel black-box traceable CP-ABE scheme that is much simpler than the existing white-box traceable schemes. A malicious user who builds a decryption black-box can be tracked and exposed by our scheme. Due to its scalability and relatively high efficiency, the scheme could be practical for fog systems. Furthermore, we point out that, if the adversary can distinguish the tracing ciphertext from the normal ciphertext, he can frustrate tracking by outputting incorrect decryption results. Thus, the traceability must be compulsory, so as to ensure that the adversary cannot distinguish between the tracing ciphertext and the normal ciphertext. Therefore, we present a formal definition of compulsory traceability with a new security game, and our scheme is proved to be secure and compulsory traceable under the generic group model.
