A decentralized multi-authority ciphertext-policy attribute-based encryption with mediated obfuscation

To ensure security and obtain fine-grained data access control policies in many management domains, multi-authority attribute-based encryption (MA-ABE) schemes were presented and have been applied in cloud storage system. There exist certain scenes where the application domains managed by different attribute authorities ( $$ AAs $$ AAs ) often change, and hence domain managements require more autonomous and independent. However, most of existing schemes do not support flexible managements. In order to support dynamic managements, we propose a new decentralized ciphertext-policy MA-ABE scheme with mediated obfuscation (MA-DCP-ABE-WMO) where each of $$ AAs $$ AAs works independently without any interaction with other $$ AAs $$ AAs . When issuing a secret key to a user, each of $$ AAs $$ AAs uses his secret to compute a share of the system master secret. Data are encrypted under the public keys of attribute management domains. To resist collusion attack, a common pseudorandom function $$ PRF( \cdot ) $$ P R F ( · ) is shared among $$ AAs $$ AAs and is used to randomize each user’s global identifier $$ Gid $$ Gid . The randomized $$ Gid $$ Gid is adopted to unify all target messages which need to be reconstructed from different management domains. We first introduce the mediated obfuscation (MO) model into MA-ABE scheme to provide online service and the interaction works among data owner, data user and the mediator. In the MO model, we define a special functional encryption scheme where the function program can be coded into an element of the multiplicative cyclic group. We obfuscate the function by randomly selecting a blinding factor to conduct exponent arithmetic with the base of the function. A special input of the function is constructed to cancel the blinding factor when calling the obfuscated function. It makes other participants know nothing about the inner function program but can evaluate the function program. Furthermore, the MA-DCP-ABE-WMO scheme is proved to be secure. Compared with related schemes, our scheme is suitable to dynamic domain managements. When the management domains are added or removed, the workload to update original ciphertexts and private keys is dramatically reduced.

[1]  Dennis Hofheinz,et al.  Obfuscation for Cryptographic Purposes , 2007, Journal of Cryptology.

[2]  Yael Tauman Kalai,et al.  On Symmetric Encryption and Point Obfuscation , 2010, TCC.

[3]  Hao Yan,et al.  A Novel Efficient Remote Data Possession Checking Protocol in Cloud Storage , 2017, IEEE Transactions on Information Forensics and Security.

[4]  Xiaolei Dong,et al.  Auditable $\sigma $ -Time Outsourced Attribute-Based Encryption for Access Control in Cloud Computing , 2018, IEEE Transactions on Information Forensics and Security.

[5]  Min Ji,et al.  CCA-secure ABE with outsourced decryption for fog computing , 2018, Future Gener. Comput. Syst..

[6]  Xiaolei Dong,et al.  White-Box Traceable CP-ABE for Cloud Storage Service: How to Catch People Leaking Their Access Credentials Effectively , 2018, IEEE Transactions on Dependable and Secure Computing.

[7]  Yael Tauman Kalai,et al.  On Virtual Grey Box Obfuscation for General Circuits , 2014, CRYPTO.

[8]  Allison Bishop,et al.  Indistinguishability Obfuscation from the Multilinear Subgroup Elimination Assumption , 2015, 2015 IEEE 56th Annual Symposium on Foundations of Computer Science.

[9]  Jiguo Li,et al.  Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation , 2014, International Journal of Information Security.

[10]  Hoeteck Wee,et al.  On obfuscating point functions , 2005, STOC '05.

[11]  Ran Canetti,et al.  Obfuscation of Probabilistic Circuits and Applications , 2015, TCC.

[12]  Xiaolei Dong,et al.  White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Flexible Attributes , 2015, IEEE Transactions on Information Forensics and Security.

[13]  Jian Shen,et al.  Key-policy attribute-based encryption against continual auxiliary input leakage , 2019, Inf. Sci..

[14]  Robert Perry Hooker,et al.  FUNCTIONAL ENCRYPTION AS MEDIATED OBFUSCATION , 2012 .

[15]  Rafail Ostrovsky,et al.  Attribute-based encryption with non-monotonic access structures , 2007, CCS '07.

[16]  Amit Sahai,et al.  Positive Results and Techniques for Obfuscation , 2004, EUROCRYPT.

[17]  Chen Yanli,et al.  Attribute-based access control for multi-authority systems with constant size ciphertext in cloud computing , 2016 .

[18]  Xiaolei Dong,et al.  CryptCloud$^+$+: Secure and Expressive Data Access Control for Cloud Storage , 2018, IEEE Transactions on Services Computing.

[19]  Yi Mu,et al.  Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption , 2012, IEEE Trans. Parallel Distributed Syst..

[20]  Yao Wang,et al.  Full Verifiability for Outsourced Decryption in Attribute Based Encryption , 2020, IEEE Transactions on Services Computing.

[21]  Robert H. Deng,et al.  HASBE: A Hierarchical Attribute-Based Solution for Flexible and Scalable Access Control in Cloud Computing , 2012, IEEE Transactions on Information Forensics and Security.

[22]  Robert H. Deng,et al.  Privacy-Preserving Attribute-Based Keyword Search in Shared Multi-owner Setting , 2019, IEEE Transactions on Dependable and Secure Computing.

[23]  Jiguo Li,et al.  Two-Party Attribute-Based Key Agreement Protocol with Constant-Size Ciphertext and Key , 2018, Secur. Commun. Networks.

[24]  Jiguo Li,et al.  Hierarchical attribute based encryption with continuous leakage-resilience , 2019, Inf. Sci..

[25]  Dawu Gu,et al.  A Note on Obfuscation for Cryptographic Functionalities of Secret-Operation Then Public-Encryption , 2011, TAMC.

[26]  Xiaohua Jia,et al.  Expressive, Efficient, and Revocable Data Access Control for Multi-Authority Cloud Storage , 2014, IEEE Transactions on Parallel and Distributed Systems.

[27]  Yi Mu,et al.  PPDCP-ABE: Privacy-Preserving Decentralized Cipher-Policy Attribute-Based Encryption , 2014, IACR Cryptol. ePrint Arch..

[28]  Amit Sahai,et al.  Multi-Input Functional Encryption , 2014, IACR Cryptol. ePrint Arch..

[29]  Jiguo Li,et al.  Flexible and Fine-Grained Attribute-Based Data Storage in Cloud Computing , 2017, IEEE Transactions on Services Computing.

[30]  Jiguo Li,et al.  Improving Security and Privacy-Preserving in Multi-Authorities Ciphertext-Policy Attribute-Based Encryption , 2018, KSII Trans. Internet Inf. Syst..

[31]  Brent Waters,et al.  Functional Encryption: Definitions and Challenges , 2011, TCC.

[32]  Ran Canetti,et al.  Obfuscation of Hyperplane Membership , 2010, TCC.

[33]  Allison Bishop,et al.  Decentralizing Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[34]  Yael Tauman Kalai,et al.  Obfuscation for Evasive Functions , 2014, IACR Cryptol. ePrint Arch..

[35]  Yi Mu,et al.  Improving Privacy and Security in Decentralized Ciphertext-Policy Attribute-Based Encryption , 2015, IEEE Transactions on Information Forensics and Security.

[36]  Yang Lu,et al.  Anonymous certificate-based broadcast encryption with constant decryption cost , 2018, Inf. Sci..

[37]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[38]  Melissa Chase,et al.  Multi-authority Attribute Based Encryption , 2007, TCC.

[39]  Jiguo Li,et al.  KSF-OABE: Outsourced Attribute-Based Encryption with Keyword Search Function for Cloud Storage , 2017, IEEE Transactions on Services Computing.

[40]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[41]  Mingwu Zhang,et al.  Program Obfuscator for Privacy-Carrying Unidirectional One-hop Re-encryption , 2015, ICA3PP.

[42]  Jian Shen,et al.  User Collusion Avoidance CP-ABE With Efficient Attribute Revocation for Cloud Storage , 2018, IEEE Systems Journal.

[43]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[44]  Guy N. Rothblum,et al.  On Best-Possible Obfuscation , 2007, TCC.

[45]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[46]  Yunxiao Zu,et al.  The research of QoS guarantee mechanism of the secondary users in cognitive radio networks , 2016, China Communications.

[47]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[48]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[49]  Jiguo Li,et al.  Certificateless Public Integrity Checking of Group Shared Data on Cloud Storage , 2018, IEEE Transactions on Services Computing.