Efficient Attribute-Based Encryption with Privacy-Preserving Key Generation and Its Application in Industrial Cloud

Due to the rapid development of new technologies such as cloud computing, Internet of Things (IoT), and mobile Internet, the data volumes are exploding. Particularly, in the industrial field, a large amount of data is generated every day. How to manage and use industrial Big Data primely is a thorny challenge for every industrial enterprise manager. As an emerging form of service, cloud computing technology provides a good solution. It receives more and more attention and support due to its flexible configuration, on-demand purchase, and easy maintenance. Using cloud technology, enterprises get rid of the heavy data management work and concentrate on their main business. Although cloud technology has many advantages, there are still many problems in terms of security and privacy. To protect the confidentiality of the data, the mainstream solution is encrypting data before uploading. In order to achieve flexible access control to encrypted data, attribute-based encryption (ABE) is an outstanding candidate. At present, more and more applications are using ABE to ensure data security. However, the privacy protection issues during the key generation phase are not considered in the current ABE systems. That is to say, the key generation center (KGC) knows both of attributes and corresponding keys of each user. This problem is especially serious in the industrial big data scenario, because it will cause great damage to the business secrets of industrial enterprises. In this paper, we design a new ABE scheme that protects user’s privacy during key issuing. In our new scheme, we separate the functionality of attribute auditing and key generating to ensure that the KGC cannot know user’s attributes and that the attribute auditing center (AAC) cannot obtain the user’s secret key. This is ideal for many privacy-sensitive scenarios, such as industrial big data scenario.

[1]  Julien P. Stern A New Efficient All-Or-Nothing Disclosure of Secrets Protocol , 1998, ASIACRYPT.

[2]  Mingwu Zhang,et al.  On the Soundness and Security of Privacy-Preserving SVM for Outsourcing Data Classification , 2018, IEEE Transactions on Dependable and Secure Computing.

[3]  Moni Naor,et al.  Efficient oblivious transfer protocols , 2001, SODA '01.

[4]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[5]  Daniel Lehmann,et al.  On the advantages of free choice: a symmetric and fully distributed solution to the dining philosophers problem , 1981, POPL '81.

[6]  Gilles Brassard,et al.  All-or-Nothing Disclosure of Secrets , 1986, CRYPTO.

[7]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[8]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[9]  Yuval Ishai,et al.  Extending Oblivious Transfers Efficiently , 2003, CRYPTO.

[10]  Mingwu Zhang,et al.  Accountable mobile E-commerce scheme in intelligent cloud system transactions , 2018, J. Ambient Intell. Humaniz. Comput..

[11]  Edwin Hsing-Mean Sha,et al.  Light-weight trust-enhanced on-demand multi-path routing in mobile ad hoc networks , 2016, J. Netw. Comput. Appl..

[12]  Li Li,et al.  Towards a Novel Trust-Based Multicast Routing for VANETs , 2018, Secur. Commun. Networks.

[13]  Joel J. P. C. Rodrigues,et al.  SDN-Enabled Multi-Attribute-Based Secure Communication for Smart Grid in IIoT Environment , 2018, IEEE Transactions on Industrial Informatics.

[14]  Yuval Ishai,et al.  Priced Oblivious Transfer: How to Sell Digital Goods , 2001, EUROCRYPT.

[15]  Hao Wang,et al.  Verifiable outsourced ciphertext-policy attribute-based encryption in cloud computing , 2016, Soft Computing.

[16]  Hao Wang,et al.  Fuzzy matching and direct revocation: a new CP-ABE scheme from multilinear maps , 2018, Soft Comput..

[17]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[18]  Frank Wang,et al.  Sieve: Cryptographically Enforced Access Control for User Data in Untrusted Clouds , 2016, NSDI.

[19]  Wen-Guey Tzeng Efficient 1-out-of-n oblivious transfer schemes with universally usable parameters , 2004, IEEE Transactions on Computers.

[20]  Edwin Hsing-Mean Sha,et al.  Applying trust enhancements to reactive routing protocols in mobile ad hoc networks , 2016, Wirel. Networks.

[21]  Hao Wang,et al.  Privacy-Preserving Wildcards Pattern Matching Protocol for IoT Applications , 2019, IEEE Access.

[22]  Jian Shen,et al.  Obfuscating EVES Algorithm and Its Application in Fair Electronic Transactions in Public Clouds , 2019, IEEE Systems Journal.

[23]  Hwajeong Seo,et al.  On Emerging Family of Elliptic Curves to Secure Internet of Things: ECC Comes of Age , 2017, IEEE Transactions on Dependable and Secure Computing.

[24]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[25]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[26]  Yehuda Lindell,et al.  Efficient Secure Two-Party Protocols , 2010, Information Security and Cryptography.

[27]  Fu Xiao,et al.  An efficient social-like semantic-aware service discovery mechanism for large-scale Internet of Things , 2019, Comput. Networks.

[28]  Ling Gao,et al.  Face Detection for Privacy Protected Images , 2019, IEEE Access.

[29]  Hao Wang,et al.  New large-universe multi-authority ciphertext-policy ABE scheme and its application in cloud storage systems , 2016, J. High Speed Networks.

[30]  Hao Wang,et al.  New directly revocable attribute-based encryption scheme and its application in cloud storage environment , 2016, Cluster Computing.

[31]  Hao Wang,et al.  Secure Cloud-Based EHR System Using Attribute-Based Cryptosystem and Blockchain , 2018, Journal of Medical Systems.

[32]  Cheng Chen,et al.  Efficient Ciphertext Policy Attribute-Based Encryption with Constant-Size Ciphertext and Constant Computation-Cost , 2011, ProvSec.