A CP-ABE scheme with hidden policy and its application in cloud computing

With flexible and scalable support for fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) is widely used as a data protection mechanism in cloud computing. However, the access policy of a CP-ABE scheme may contain sensitive information, which can expose the privacy of the data provider or receiver. Some papers have proposed hidden-policy CP-ABE schemes, but these are based on an AND-gate access structure, whose ability to express access policies is limited. CP-ABE with a tree-based access structure is more expressive and offers more flexible access control, and therefore has broader application prospects than other mechanisms. This paper proposes a CP-ABE scheme with hidden policy built on a tree-based access structure (CP-ABE-HP) and proves that the scheme is secure against chosen-plaintext attack (CPA). CP-ABE-HP both protects the policy and provides flexible access control. Then, considering the characteristics of the cloud computing environment, the paper constructs a new self-contained data protection mechanism based on CP-ABE-HP, which can provide reliable and flexible security control for data in the cloud.
