Practical, Provably Secure, and Black-Box Traceable CP-ABE for Cryptographic Cloud Storage

Cryptographic cloud storage (CCS) is a secure architecture built in the upper layer of a public cloud infrastructure. In the CCS system, a user can define and manage the access control of the data by himself without the help of cloud storage service provider. The ciphertext-policy attribute-based encryption (CP-ABE) is considered as the critical technology to implement such access control. However, there still exists a large security obstacle to the implementation of CP-ABE in CCS. That is, how to identify the malicious cloud user who illegally shares his private keys with others or applies his keys to construct a decryption device/black-box, and provides the decryption service. Although several CP-ABE schemes with black-box traceability have been proposed to address the problem, most of them are not practical in CCS systems, due to the absence of scalability and expensive computation cost, especially the cost of tracing. Thus, we present a new black-box traceable CP-ABE scheme that is scalable and high efficient. To achieve a much better performance, our work is designed on the prime order bilinear groups that results in a great improvement in the efficiency of group operations, and the cost of tracing is reduced greatly to O(N) or O(1), where N is the number of users of a system. Furthermore, our scheme is proved secure in a selective standard model. To the best of our knowledge, this work is the first such practical and provably secure CP-ABE scheme for CCS, which is black-box traceable.

[1]  Zhen Liu,et al.  White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Any Monotone Access Structures , 2013, IEEE Transactions on Information Forensics and Security.

[2]  Fuchun Guo,et al.  Flexible ciphertext-policy attribute-based encryption supporting AND-gate and threshold with short ciphertexts , 2017, International Journal of Information Security.

[3]  Xiaolei Dong,et al.  TR-MABE: White-box traceable and revocable multi-authority attribute-based encryption and its applications to multi-level privacy-preserving e-healthcare cloud computing systems , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[4]  Xiaohui Liang,et al.  Provably secure and efficient bounded ciphertext policy attribute based encryption , 2009, ASIACCS '09.

[5]  Zhen Liu,et al.  Practical Attribute-Based Encryption: Traitor Tracing, Revocation and Large Universe , 2016, Comput. J..

[6]  P. MuraliKrishna,et al.  SECURE SCHEMES FOR SECRET SHARING AND KEY DISTRIBUTION USING PELL'S EQUATION , 2013 .

[7]  Kristin E. Lauter,et al.  Cryptographic Cloud Storage , 2010, Financial Cryptography Workshops.

[8]  Xiaolei Dong,et al.  Traceable CP-ABE with Short Ciphertexts: How to Catch People Selling Decryption Devices on eBay Efficiently , 2016, ESORICS.

[9]  Zhen Liu,et al.  Traceable CP-ABE: How to Trace Decryption Devices Found in the Wild , 2015, IEEE Transactions on Information Forensics and Security.

[10]  Xiaolei Dong,et al.  White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Flexible Attributes , 2015, IEEE Transactions on Information Forensics and Security.

[11]  Elaine B. Barker,et al.  Recommendation for key management: , 2019 .

[12]  Shiho Moriai,et al.  POSTER: PRINCESS: A Secure Cloud File Storage System for Managing Data with Hierarchical Levels of Sensitivity , 2015, CCS.

[13]  Amit Sahai,et al.  Bounded Ciphertext Policy Attribute Based Encryption , 2008, ICALP.

[14]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[15]  Nishant Doshi,et al.  Fully secure ciphertext policy attribute-based encryption with constant length ciphertext and faster decryption , 2014, Secur. Commun. Networks.

[16]  Ling Cheung,et al.  Provably secure ciphertext policy ABE , 2007, CCS '07.

[17]  Zhen Liu,et al.  Blackbox traceable CP-ABE: how to catch people leaking their keys by selling decryption devices on ebay , 2013, CCS.

[18]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[19]  Xiaolei Dong,et al.  Large Universe Ciphertext-Policy Attribute-Based Encryption with White-Box Traceability , 2014, ESORICS.

[20]  李琦 Provably secure unbounded multi-authority ciphertext-policy attribute-based encryption , 2015 .

[21]  Zhen Liu,et al.  Traceable CP-ABE on Prime Order Groups: Fully Secure and Fully Collusion-Resistant Blackbox Traceable , 2015, ICICS.

[22]  David Mandell Freeman,et al.  Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups , 2010, EUROCRYPT.

[23]  Zhiying Wang,et al.  Compulsory traceable ciphertext-policy attribute-based encryption against privilege abuse in fog computing , 2018, Future Gener. Comput. Syst..

[24]  Jian Weng,et al.  Enabling Ciphertext Deduplication for Secure Cloud Storage and Access Control , 2016, AsiaCCS.

[25]  Atsuko Miyaji,et al.  A ciphertext-policy attribute-based encryption scheme with constant ciphertext length , 2010, Int. J. Appl. Cryptogr..

[26]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[27]  Jin Li,et al.  A2BE: Accountable Attribute-Based Encryption for Abuse Free Access Control , 2009, IACR Cryptol. ePrint Arch..

[28]  Ari Juels,et al.  HAIL: a high-availability and integrity layer for cloud storage , 2009, CCS.

[29]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[30]  Angelo De Caro,et al.  jPBC: Java pairing based cryptography , 2011, 2011 IEEE Symposium on Computers and Communications (ISCC).

[31]  Brent Waters,et al.  A fully collusion resistant broadcast, trace, and revoke system , 2006, CCS '06.

[32]  Yongdae Kim,et al.  On protecting integrity and confidentiality of cryptographic file system for outsourced storage , 2009, CCSW '09.

[33]  Allison Bishop,et al.  New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques , 2012, CRYPTO.

[34]  Kai Zhang,et al.  Efficient large-universe multi-authority ciphertext-policy attribute-based encryption with white-box traceability , 2017, Science China Information Sciences.

[35]  Robert H. Deng,et al.  An Efficient and Expressive Ciphertext-Policy Attribute-Based Encryption Scheme with Partially Hidden Access Structures , 2016, ProvSec.

[36]  Pieter H. Hartel,et al.  Efficient and Provable Secure Ciphertext-Policy Attribute-Based Encryption Schemes , 2008, ISPEC.

[37]  Robert H. Deng,et al.  Fully Secure Cipertext-Policy Hiding CP-ABE , 2011, ISPEC.

[38]  Xiaolei Dong,et al.  Accountable Authority Ciphertext-Policy Attribute-Based Encryption with White-Box Traceability and Public Auditing in the Cloud , 2015, ESORICS.

[39]  K. Kuppusamy,et al.  An expressive and provably secure Ciphertext-Policy Attribute-Based Encryption , 2014, Inf. Sci..

[40]  Allison Lewko,et al.  Tools for simulating features of composite order bilinear groups in the prime order setting , 2012 .

[41]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[42]  Zhiying Wang,et al.  RIM4J: An Architecture for Language-Supported Runtime Measurement against Malicious Bytecode in Cloud Computing , 2018, Symmetry.