Attribute Revocable Multi-Authority Attribute-Based Encryption with Forward Secrecy for Cloud Storage

Internet of Things (IoT) has been widely applied in various fields. IoT data can also be put to cloud, but there are still concerns regarding security and privacy. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is attracted attention in cloud storage as a suitable encryption scheme for confidential data share and transmission. In CP-ABE, the secret key of a user is associated with a set of attributes; when attributes satisfy the access structure, the ciphertext is able to be decrypted. It is necessary that multiple authorities issue and manage secret keys independently. Authorities that generate the secret key can be regarded as managing the attributes of a user in CP-ABE. CP-ABE schemes that have multiple authorities have been proposed. The other hand, it should consider that a user’s operation at the terminals is not necessary when a user drop an attribute and key is updated and the design of the communication system is a simple. In this paper, we propose CP-ABE scheme that have multiple key authorities and can revoke attribute immediately with no updating user’s secret key for attribute revocation. In addition, the length of ciphertext is fixed. The proposed scheme is IND-CPA secure in DBDH assumption under the standard model. We compare the proposed scheme and the other CP-ABE schemes and show that the proposed scheme is more suitable for cloud storage. key words: ciphertext-policy attribute-based encryption, multiple key authorities, attribute revocation, forward secrecy

[1]  Xu Han,et al.  An efficient index for massive IOT data in cloud environment , 2012, CIKM '12.

[2]  Jian Pei,et al.  A spatiotemporal compression based approach for efficient big data processing on Cloud , 2014, J. Comput. Syst. Sci..

[3]  Joseph K. Liu,et al.  Extended Proxy-Assisted Approach: Achieving Revocable Fine-Grained Encryption of Cloud Data , 2015, ESORICS.

[4]  Jie Wu,et al.  Hierarchical attribute-based encryption for fine-grained access control in cloud storage services , 2010, CCS '10.

[5]  Kui Ren,et al.  Attribute-based fine-grained access control with efficient revocation in cloud storage systems , 2013, ASIA CCS '13.

[6]  Mooi Choo Chuah,et al.  Secure Data Retrieval Based on Ciphertext Policy Attribute-Based Encryption ( CP-ABE ) System for the DTNs , 2009 .

[7]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[8]  Brent Waters,et al.  Secure attribute-based systems , 2006, CCS '06.

[9]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[10]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[11]  Melissa Chase,et al.  Multi-authority Attribute Based Encryption , 2007, TCC.

[12]  Xiang-Yang Li,et al.  Privacy preserving cloud data access with multi-authorities , 2012, 2013 Proceedings IEEE INFOCOM.

[13]  Sherman S. M. Chow,et al.  Improving privacy and security in multi-authority attribute-based encryption , 2009, CCS.

[14]  D. Jayakumar Secure Data Retrieval for Decentralized Disruption-Tolerant Military Networks , 2015 .

[15]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[16]  XiaoFeng Wang,et al.  Sedic: privacy-aware data intensive computing on hybrid clouds , 2011, CCS '11.

[17]  Pascal Junod,et al.  An efficient public-key attribute-based broadcast encryption scheme allowing arbitrary access policies , 2010, DRM '10.

[18]  Tsz Hon Yuen,et al.  Fully Secure Multi-authority Ciphertext-Policy Attribute-Based Encryption without Random Oracles , 2011, ESORICS.

[19]  Jie Wu,et al.  Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers , 2011, Comput. Secur..

[20]  Jinjun Chen,et al.  CCBKE - Session key negotiation for fast and secure scheduling of scientific applications in cloud computing , 2013, Future Gener. Comput. Syst..

[21]  Xiaohua Jia,et al.  Expressive, Efficient, and Revocable Data Access Control for Multi-Authority Cloud Storage , 2014, IEEE Transactions on Parallel and Distributed Systems.

[22]  Vipul Goyal,et al.  Identity-based encryption with efficient revocation , 2008, IACR Cryptol. ePrint Arch..

[23]  Xiaoyan Hong,et al.  Secure, selective group broadcast in vehicular networks using dynamic attribute based encryption , 2010, 2010 The 9th IFIP Annual Mediterranean Ad Hoc Networking Workshop (Med-Hoc-Net).

[24]  Amit Sahai,et al.  Bounded Ciphertext Policy Attribute Based Encryption , 2008, ICALP.

[25]  Dijiang Huang,et al.  ASPE: attribute-based secure policy enforcement in vehicular ad hoc networks , 2009, Ad Hoc Networks.

[26]  Xiaohua Jia,et al.  Attributed-Based Access Control for Multi-authority Systems in Cloud Storage , 2012, 2012 IEEE 32nd International Conference on Distributed Computing Systems.

[27]  Jinjun Chen,et al.  External integrity verification for outsourced big data in cloud and IoT: A big picture , 2015, Future Gener. Comput. Syst..

[28]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[29]  Xiaohua Jia,et al.  DAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems , 2013, IEEE Transactions on Information Forensics and Security.

[30]  Allison Bishop,et al.  Decentralizing Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[31]  Xiaohui Liang,et al.  Secure Threshold Multi Authority Attribute Based Encryption without a Central Authority , 2008, INDOCRYPT.

[32]  Xiaohui Liang,et al.  Provably secure and efficient bounded ciphertext policy attribute based encryption , 2009, ASIACCS '09.

[33]  Ling Cheung,et al.  Provably secure ciphertext policy ABE , 2007, CCS '07.

[34]  Cong Wang,et al.  Attribute based data sharing with attribute revocation , 2010, ASIACCS '10.

[35]  Rafail Ostrovsky,et al.  Attribute-based encryption with non-monotonic access structures , 2007, CCS '07.

[36]  Ivan Stojmenovic,et al.  DACC: Distributed Access Control in Clouds , 2011, 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications.

[37]  Pieter H. Hartel,et al.  Mediated Ciphertext-Policy Attribute-Based Encryption and Its Application , 2009, WISA.