Verifiable attribute-based proxy re-encryption for secure public cloud data sharing

For secure data sharing in the public cloud, attribute-based encryption was introduced to simultaneously achieve data confidentiality and fine-grained access control. In order to update access control of the attribute-based encrypted data from delegation, attribute-based proxy re-encryption AB-PRE was proposed accordingly. Most previous AB-PRE schemes require that the proxy executes the re-encryption honestly. However, the public cloud as a proxy may not meet the requirement because the encrypted data are delegated to the public cloud and out of control for data owners. In this paper, we introduce verifiability for AB-PRE to check the correctness of the re-encryption executed by the proxy. By introducing a commitment scheme and a key derivation function, we propose a generic construction of unidirectional single-hop AB-PRE with verifiable re-encryption AB-VPRE for both key-policy and ciphertext-policy settings, and the access structure can be monotonic and non-monotonic. We prove the security and the verification soundness of our constructed AB-VPRE scheme in the standard model and provide three instantiations. Compared with previous work on AB-PRE, our proposed AB-VPRE schemes require less computation and can efficiently detect the malicious behaviors of the proxy. Copyright © 2016 John Wiley & Sons, Ltd.

[1]  Ling Cheung,et al.  Provably secure ciphertext policy ABE , 2007, CCS '07.

[2]  Yutaka Kawai,et al.  Re-Encryption Verifiability: How to Detect Malicious Activities of a Proxy in Proxy Re-Encryption , 2015, CT-RSA.

[3]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[4]  Hoeteck Wee,et al.  Dual System Encryption via Predicate Encodings , 2014, TCC.

[5]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[6]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[7]  Matt Blaze,et al.  Divertible Protocols and Atomic Proxy Cryptography , 1998, EUROCRYPT.

[8]  Yunlei Zhao,et al.  Generic Construction of Chosen Ciphertext Secure Proxy Re-Encryption , 2012, CT-RSA.

[9]  Cong Wang,et al.  Attribute based data sharing with attribute revocation , 2010, ASIACCS '10.

[10]  Joseph K. Liu,et al.  A secure and efficient Ciphertext-Policy Attribute-Based Proxy Re-Encryption for cloud data sharing , 2015, Future Gener. Comput. Syst..

[11]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[12]  Willy Susilo,et al.  Searchable Attribute-Based Mechanism With Efficient Data Sharing for Secure Cloud Storage , 2015, IEEE Transactions on Information Forensics and Security.

[13]  Hwajeong Seo,et al.  Attribute-based Proxy Re-encryption with a Constant Number of Pairing Operations , 2012, J. Inform. and Commun. Convergence Engineering.

[14]  Zhong Chen,et al.  Ciphertext Policy Attribute-Based Proxy Re-encryption , 2010, ICICS.

[15]  Nuttapong Attrapadung,et al.  Dual System Encryption via Doubly Selective Security: Framework, Fully-secure Functional Encryption for Regular Languages, and More , 2014, IACR Cryptol. ePrint Arch..

[16]  Guomin Yang,et al.  An Adaptively CCA-Secure Ciphertext-Policy Attribute-Based Proxy Re-Encryption for Cloud Data Sharing , 2014, ISPEC.

[17]  Matthew Green,et al.  Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[18]  Xiaohui Liang,et al.  Attribute based proxy re-encryption with delegating capabilities , 2009, ASIACCS '09.

[19]  Matthew Green,et al.  Outsourcing the Decryption of ABE Ciphertexts , 2011, USENIX Security Symposium.

[20]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[21]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[22]  Rafail Ostrovsky,et al.  Attribute-based encryption with non-monotonic access structures , 2007, CCS '07.

[23]  Willy Susilo,et al.  A Ciphertext-Policy Attribute-Based Proxy Re-encryption with Chosen-Ciphertext Security , 2013, 2013 5th International Conference on Intelligent Networking and Collaborative Systems.

[24]  Robert H. Deng,et al.  Attribute-Based Encryption With Verifiable Outsourced Decryption , 2013, IEEE Transactions on Information Forensics and Security.

[25]  Hoeteck Wee,et al.  Improved Dual System ABE in Prime-Order Groups via Predicate Encodings , 2015, EUROCRYPT.

[26]  Brent Waters,et al.  Attribute-Based Encryption with Fast Decryption , 2013, Public Key Cryptography.