Fine-grained document sharing using attribute-based encryption in cloud servers

With the rapid development of cloud computing, more and more users share documents on cloud servers. Since cloud servers are not within the trusted domain of users, encryption and access control are needed to protect the digital content. Attribute-based encryption is a favorable scheme that has been used for content protection in cloud computing. It provides a “one-to-many” encryption service, so that one encrypted file can be decrypted by multiple prospective recipients whose attributes conform to the access policy. Currently, all existing attribute-based encryption schemes assume that the digital content and authorized users are equally privileged; however, there are emerging application scenarios that demand digital content and users with different privileges. In this paper, we present a new attribute-based encryption scheme that can generate security keys of different classes for users by integrating ciphertext-policy attribute-based encryption and hierarchical cryptographic key management. We thus achieve fine-grained document sharing, meaning that users can preview the same document with different privileges. We use hierarchical keys derived from a chain of one-way functions. Extensive analysis shows that our proposed scheme is simple, efficient and secure. The proposed scheme can provide a “one-fits-many” encryption service.
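The idea of hierarchical keys derived from a chain of one-way functions, shown as an added Python example that is not the paper's construction. It assumes HMAC-SHA256 as the one-way function, class 0 as the most privileged class, and an HMAC-based keystream as a stand-in for a real AEAD cipher; the CP-ABE layer that would deliver each user's class key is omitted, and all names are hypothetical.

```python
import hashlib, hmac, os

def step(key: bytes) -> bytes:
    """One link of the one-way chain: class i key -> class i+1 key."""
    return hmac.new(key, b"next-class", hashlib.sha256).digest()

def derive(key: bytes, have: int, want: int) -> bytes:
    """Walk from class `have` down to class `want` (0 = most privileged, assumed)."""
    if want < have:
        raise PermissionError("the chain cannot be walked towards higher privilege")
    for _ in range(want - have):
        key = step(key)
    return key

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC in counter mode; a stand-in for a real AEAD cipher
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def seal(key: bytes, plaintext: bytes):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce, ct, _tag(key, nonce, ct)

def unseal(key: bytes, blob):
    nonce, ct, tag = blob
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise PermissionError("key does not match this segment's class")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def readable(user_key: bytes, user_class: int, doc):
    """Segments a holder of `user_key` can open; None where access is denied."""
    view = []
    for seg_class, blob in doc:
        try:
            view.append(unseal(derive(user_key, user_class, seg_class), blob))
        except PermissionError:
            view.append(None)
    return view

# Constructed sample document: one segment per privilege class.
ROOT = os.urandom(32)  # class 0 key; assumption: a CP-ABE layer (omitted) delivers class keys
SEGMENTS = [(0, b"full appendix"), (1, b"body text"), (2, b"public preview")]
DOC = [(c, seal(derive(ROOT, 0, c), text)) for c, text in SEGMENTS]
```

One ciphertext serves every class: a holder of the class 2 key sees only the preview segment, and claiming a higher class with that key opens nothing, because the chain cannot be inverted.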
