A threshold-based key generation approach for ciphertext-policy attribute-based encryption

Ciphertext-policy attribute-based encryption (CP-ABE) was proposed to provide identity-based access control suitable for cloud storage services. In CP-ABE, the authority is responsible for key management and must therefore be trusted. Because CP-ABE has only one authority, it may suffer from a single point of failure. Although multi-authority ABE could solve this problem, attackers can still execute collusion attacks to compromise authorities. Thus, in this paper, we propose the threshold-based key generation approach (TKGA) for CP-ABE. TKGA is a multi-authority approach which utilizes the technologies of functional encryption and (n, k)-secret sharing. TKGA can efficiently impede collusion attacks because no single authority can directly generate secret keys. Thus, TKGA can be compromised if and only if at least k of n authorities are compromised by attackers. According to our security and performance evaluation, although TKGA has additional computation and communication overhead, it improves security by impeding collusion attacks.
