Auditable $\sigma $ -Time Outsourced Attribute-Based Encryption for Access Control in Cloud Computing

As a sophisticated mechanism for secure fine-grained access control over encrypted data, ciphertext-policy attribute-based encryption (CP-ABE) is one of the highly promising candidates for cloud computing applications. However, there exist two main long-lasting open problems of CP-ABE that may limit its wide deployment in commercial applications. One is that decryption yields expensive pairing cost which often grows with the increase of access policy size. The other is that one is granted access privilege for unlimited times as long as his attribute set satisfies the access policy of a given ciphertext. Such powerful access rights, which are provided by CP-ABE, may be undesirable in real-world applications (e.g., pay-as-you-use). To address the above drawbacks, in this paper, we propose a new notion called <italic>auditable <inline-formula> <tex-math notation="LaTeX">$\sigma $ </tex-math></inline-formula>-time outsourced CP-ABE</italic>, which is believed to be applicable to cloud computing. In our notion, expensive pairing operation incurred by decryption is offloaded to cloud and meanwhile, the correctness of the operation can be audited efficiently. Moreover, the notion provides <inline-formula> <tex-math notation="LaTeX">$\sigma $ </tex-math></inline-formula><italic>-time</italic> <italic>fine-grained access control</italic>. The cloud service provider may limit a particular set of users to enjoy access privilege for at most <inline-formula> <tex-math notation="LaTeX">$\sigma $ </tex-math></inline-formula> times within a specified period. As of independent interest, the notion also captures <italic>key-leakage resistance</italic>. The leakage of a user’s decryption key does not help a malicious third party in decrypting the ciphertexts belonging to the user. We design a concrete construction (satisfying our notion) in the key encapsulation mechanism setting based on Rouselakis and Waters (prime order) CP-ABE, and further present security and extensive experimental analysis to highlight the scalability and efficiency of our construction.

[1]  Mihir Bellare,et al.  On Defining Proofs of Knowledge , 1992, CRYPTO.

[2]  Victor Shoup,et al.  A Proposal for an ISO Standard for Public Key Encryption , 2001, IACR Cryptol. ePrint Arch..

[3]  Hugo Krawczyk,et al.  Relaxing Chosen-Ciphertext Security , 2003, CRYPTO.

[4]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[5]  Yevgeniy Dodis,et al.  A Verifiable Random Function with Short Proofs and Keys , 2005, Public Key Cryptography.

[6]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[7]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[8]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[9]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[10]  Matthew Green,et al.  Outsourcing the Decryption of ABE Ciphertexts , 2011, USENIX Security Symposium.

[11]  Robert H. Deng,et al.  HASBE: A Hierarchical Attribute-Based Solution for Flexible and Scalable Access Control in Cloud Computing , 2012, IEEE Transactions on Information Forensics and Security.

[12]  Allison Bishop,et al.  New Proof Methods for Attribute-Based Encryption: Achieving Full Security through Selective Techniques , 2012, CRYPTO.

[13]  Ian Miers,et al.  Charm: a framework for rapidly prototyping cryptosystems , 2013, Journal of Cryptographic Engineering.

[14]  Brent Waters,et al.  Practical constructions and new proof methods for large universe attribute-based encryption , 2013, CCS.

[15]  Jianfeng Ma,et al.  Fine-Grained Access Control System Based on Outsourced Attribute-Based Encryption , 2013, ESORICS.

[16]  Xiaolei Dong,et al.  Large Universe Ciphertext-Policy Attribute-Based Encryption with White-Box Traceability , 2014, ESORICS.

[17]  G. Ravi,et al.  Attribute Based Encryption With Verifiable Outsourced Decryption , 2014 .

[18]  Xiao Liu,et al.  Who Is Touching My Cloud , 2014, ESORICS.

[19]  Jin Li,et al.  Securely Outsourcing Attribute-Based Encryption with Checkability , 2014, IEEE Transactions on Parallel and Distributed Systems.

[20]  Tsz Hon Yuen,et al.  k-Times Attribute-Based Anonymous Access Control for Cloud Computing , 2015, IEEE Trans. Computers.

[21]  Xiaolei Dong,et al.  White-Box Traceable Ciphertext-Policy Attribute-Based Encryption Supporting Flexible Attributes , 2015, IEEE Transactions on Information Forensics and Security.

[22]  Rui Zhang,et al.  A Blockchain based Access Control System for Cloud Storage , 2019 .

[23]  Robert H. Deng,et al.  Attribute-Based Encryption With Efficient Verifiable Outsourced Decryption , 2015, IEEE Transactions on Information Forensics and Security.

[24]  Xiaolei Dong,et al.  Accountable Authority Ciphertext-Policy Attribute-Based Encryption with White-Box Traceability and Public Auditing in the Cloud , 2015, ESORICS.

[25]  Qixiang Mei,et al.  Generic and Efficient Constructions of Attribute-Based Encryption with Verifiable Outsourced Decryption , 2016, IEEE Transactions on Dependable and Secure Computing.

[26]  Hui Ma,et al.  Verifiable and Exculpable Outsourced Attribute-Based Encryption for Access Control in Cloud Computing , 2017, IEEE Transactions on Dependable and Secure Computing.