Extending the ciphertext-policy attribute based encryption scheme for supporting flexible access control

Ciphertext-Policy Attribute Based Encryption (CP-ABE) is recognized as an important data protection mechanism in cloud computing environment for its flexible, scalable and fine-grained access control features. For enhancing its security, efficiency and policy flexibility, researchers have proposed different schemes of CP-ABE which have different kinds of access policy structures. However, as far as we know, most of these structures only support AND, OR and threshold attribute operations. In order to achieve more effective data self-protection mechanisms in open environments such as Cloud computing, CP-ABE needs to support more flexible attribute based policies, most of which are described using operators of NOT, <, ≤, >, ≥. This paper proposed an Extended CP-ABE(ECP-ABE) scheme based on the existing CP-ABE scheme. The ECP-ABE scheme can express any access policy represented by arithmetic comparison and logical expressions that involve NOT, <, ≤, >, ≥ operators in addition to AND, OR and threshold operators. We prove the Chosen-plaintext Attack (CPA) security of our scheme under the Decisional Bilinear Diffie-Hellman (DBDH) assumption in the standard model, and also discuss the experimental results of the efficiency of ECP-ABE.

[1]  Kazuki Yoneyama,et al.  Attribute-Based Encryption with Partially Hidden Encryptor-Specified Access Structures , 2008, ACNS.

[2]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[3]  Pascal Junod,et al.  An efficient public-key attribute-based broadcast encryption scheme allowing arbitrary access policies , 2010, DRM '10.

[4]  Cheng Chen,et al.  Efficient Ciphertext Policy Attribute-Based Encryption with Constant-Size Ciphertext and Constant Computation-Cost , 2011, ProvSec.

[5]  Ling Cheung,et al.  Provably secure ciphertext policy ABE , 2007, CCS '07.

[6]  Xiaohui Liang,et al.  Provably secure and efficient bounded ciphertext policy attribute based encryption , 2009, ASIACCS '09.

[7]  Javier Herranz,et al.  Attribute-based encryption schemes with constant-size ciphertexts , 2012, Theor. Comput. Sci..

[8]  Jie Wu,et al.  Hierarchical attribute-based encryption for fine-grained access control in cloud storage services , 2010, CCS '10.

[9]  Dong Kun Noh,et al.  Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems , 2011, IEEE Transactions on Parallel and Distributed Systems.

[10]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[11]  Sabrina De Capitani di Vimercati,et al.  Data protection in outsourcing scenarios: issues and directions , 2010, ASIACCS '10.

[12]  Hideki Imai,et al.  Conjunctive Broadcast and Attribute-Based Encryption , 2009, Pairing.

[13]  Cong Wang,et al.  Enhancing attribute-based encryption with attribute hierarchy , 2009, ICC 2009.

[14]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[15]  Amit Sahai,et al.  Bounded Ciphertext Policy Attribute Based Encryption , 2008, ICALP.

[16]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[17]  P. MuraliKrishna,et al.  SECURE SCHEMES FOR SECRET SHARING AND KEY DISTRIBUTION USING PELL'S EQUATION , 2013 .

[18]  Xiaohui Liang,et al.  Attribute based proxy re-encryption with delegating capabilities , 2009, ASIACCS '09.

[19]  A. Shamm Identity-based cryptosystems and signature schemes , 1985 .

[20]  M V Patil,et al.  HASBE: A HIERARCHICAL ATTRIBUTE-BASED SOLUTION FOR FLEXIBLE AND SCALABLE ACCESS CONTROL IN CLOUD COMPUTING , 2006 .

[21]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[22]  Atsuko Miyaji,et al.  A ciphertext-policy attribute-based encryption scheme with constant ciphertext length , 2010, Int. J. Appl. Cryptogr..

[23]  Su Jin,et al.  Attribute-Based Encryption Schemes , 2011 .

[24]  Sushil Jajodia,et al.  Encryption policies for regulating access to outsourced data , 2010, TODS.

[25]  Ian T. Foster,et al.  A Flexible Attribute Based Access Control Method for Grid Computing , 2008, Journal of Grid Computing.

[26]  Nuttapong Attrapadung,et al.  Expressive Key-Policy Attribute-Based Encryption with Constant-Size Ciphertexts , 2011, Public Key Cryptography.

[27]  HurJunbeom,et al.  Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems , 2011 .

[28]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[29]  Pieter H. Hartel,et al.  Efficient and Provable Secure Ciphertext-Policy Attribute-Based Encryption Schemes , 2008, ISPEC.

[30]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[31]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.