Multi-authority attribute-based encryption access control scheme with policy hidden for cloud storage

For realizing the flexible, scalable and fuzzy fine-grained access control, ciphertext policy attribute-based encryption (CP-ABE) scheme has been widely used in the cloud storage system. However, the access structure of CP-ABE scheme is outsourced to the cloud storage server, resulting in the disclosure of access policy privacy. In addition, there are multiple authorities that coexist and each authority is able to issue attributes independently in the cloud storage system. However, existing CP-ABE schemes cannot be directly applied to data access control for multi-authority cloud storage system, due to the inefficiency for user revocation. In this paper, to cope with these challenges, we propose a decentralized multi-authority CP-ABE access control scheme, which is more practical for supporting the user revocation. In addition, this scheme can protect the data privacy and the access policy privacy with policy hidden in the cloud storage system. Here, the access policy that is realized by employing the linear secret sharing scheme. Finally, the security and performance analyses demonstrate that our scheme has high security in terms of access policy privacy and efficiency in terms of computational cost of user revocation.

[1]  Xiaolei Dong,et al.  TR-MABE: White-box traceable and revocable multi-authority attribute-based encryption and its applications to multi-level privacy-preserving e-healthcare cloud computing systems , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[2]  Li Xu,et al.  Cost-Effective Authentic and Anonymous Data Sharing with Forward Security , 2015, IEEE Transactions on Computers.

[3]  Guomin Yang,et al.  Hidden Ciphertext Policy Attribute-Based Encryption Under Standard Assumptions , 2016, IEEE Transactions on Information Forensics and Security.

[4]  Ian Goldberg,et al.  Pairing-Based Onion Routing , 2007, Privacy Enhancing Technologies.

[5]  Giuseppe Cattaneo,et al.  SECR3T: Secure End-to-End Communication over 3G Telecommunication Networks , 2011, 2011 Fifth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing.

[6]  Zhen Liu,et al.  Traceable CP-ABE: How to Trace Decryption Devices Found in the Wild , 2015, IEEE Transactions on Information Forensics and Security.

[7]  Syed Taqi Ali,et al.  Ciphertext policy-hiding attribute-based encryption , 2015, 2015 International Conference on Advances in Computing, Communications and Informatics (ICACCI).

[8]  Xiaodong Lin,et al.  Fine-grained data sharing in cloud computing for mobile devices , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[9]  Weixin Xie,et al.  An Efficient File Hierarchy Attribute-Based Encryption Scheme in Cloud Computing , 2016, IEEE Transactions on Information Forensics and Security.

[10]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[11]  Jin Wang,et al.  Mutual Verifiable Provable Data Auditing in Public Cloud Storage , 2015 .

[12]  Hao Wang,et al.  New large-universe multi-authority ciphertext-policy ABE scheme and its application in cloud storage systems , 2016, J. High Speed Networks.

[13]  Kazuki Yoneyama,et al.  Attribute-Based Encryption with Partially Hidden Encryptor-Specified Access Structures , 2008, ACNS.

[14]  Ilsun You,et al.  Verifiable Auditing for Outsourced Database in Cloud Computing , 2015, IEEE Transactions on Computers.

[15]  Zhihua Xia,et al.  A Secure and Dynamic Multi-Keyword Ranked Search Scheme over Encrypted Cloud Data , 2016, IEEE Transactions on Parallel and Distributed Systems.

[16]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[17]  Cong Wang,et al.  Enabling Cloud Storage Auditing With Verifiable Outsourcing of Key Updates , 2016, IEEE Transactions on Information Forensics and Security.

[18]  Stefan Katzenbeisser,et al.  Distributed Attribute-Based Encryption , 2009, ICISC.

[19]  Sourya Joyee De,et al.  Decentralized Access Control on Data in the Cloud with Fast Encryption and Outsourced Decryption , 2014, GLOBECOM 2014.

[20]  Sherali Zeadally,et al.  Certificateless Public Auditing Scheme for Cloud-Assisted Wireless Body Area Networks , 2018, IEEE Systems Journal.

[21]  Yi Mu,et al.  Improving Privacy and Security in Decentralized Ciphertext-Policy Attribute-Based Encryption , 2015, IEEE Transactions on Information Forensics and Security.

[22]  Robert H. Deng,et al.  Expressive CP-ABE with partially hidden access structures , 2012, ASIACCS '12.

[23]  Allison Bishop,et al.  Decentralizing Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[24]  Xiang-Yang Li,et al.  Privacy preserving cloud data access with multi-authorities , 2012, 2013 Proceedings IEEE INFOCOM.

[25]  Tsz Hon Yuen,et al.  Fully Secure Multi-authority Ciphertext-Policy Attribute-Based Encryption without Random Oracles , 2011, ESORICS.

[26]  Wei Li,et al.  TMACS: A Robust and Verifiable Threshold Multi-Authority Access Control System in Public Cloud Storage , 2016, IEEE Transactions on Parallel and Distributed Systems.

[27]  Xingming Sun,et al.  Achieving Efficient Cloud Search Services: Multi-Keyword Ranked Search over Encrypted Cloud Data Supporting Parallel Computing , 2015, IEICE Trans. Commun..

[28]  Xiaohua Jia,et al.  Expressive, Efficient, and Revocable Data Access Control for Multi-Authority Cloud Storage , 2014, IEEE Transactions on Parallel and Distributed Systems.

[29]  Bo Lang,et al.  A CP-ABE scheme with hidden policy and its application in cloud computing , 2016, Int. J. Cloud Comput..

[30]  Sushmita Ruj,et al.  Decentralized Access Control with Anonymous Authentication of Data Stored in Clouds , 2014, IEEE Transactions on Parallel and Distributed Systems.

[31]  Sanjit Chatterjee,et al.  Multi-receiver Identity-Based Key Encapsulation with Shortened Ciphertext , 2006, INDOCRYPT.

[32]  D. Richard Kuhn,et al.  Attribute-Based Access Control , 2017, Computer.