Searchable Encryption Cloud Storage with Dynamic Data Update to Support Efficient Policy Hiding

Ciphertext policy attribute based encryption(CP-ABE)can provide high finegrained access control for cloud storage.However,it needs to solve problems such as property privacy protection,ciphertext search and data update in the application process.Therefore,based on CP-ABE scheme,this paper proposes a dynamically updatable searchable encryption cloud storage(DUSECS)scheme.Using the characteristics of homomorphic encryption,the encrypted data is compared to achieve efficient hiding policy.Meanwhile,adopting linked list structure,the DUSECS scheme realizes the dynamic data update and integrity detection,and the search encryption against keyword guessing attacks is achieved by combining homomorphic encryption with aggregation algorithm.The analysis of security and performance shows that the scheme is secure and efficient.

MAVP-FE:Multi-Authority Vector Policy Functional Encryption with Efficient Encryption and Decryption

In cloud,data access control is a crucial way to ensure data security.Functional encryption(FE) is a novel cryptographic primitive supporting fine-grained access control of encrypted data in cloud.In FE,every ciphertext is specified with an access policy,a decryptor can access the data if and only if his secret key matches with the access policy.However,the FE cannot be directly applied to construct access control scheme due to the exposure of the access policy which may contain sensitive information.In this paper,we deal with the policy privacy issue and present a mechanism named multi-authority vector policy(MAVP) which provides hidden and expressive access policy for FE.Firstly,each access policy is encoded as a matrix and decryptors can only obtain the matched result from the matrix in MAVP.Then,we design a novel function encryption scheme based on the multi-authority spatial policy(MAVPFE),which can support privacy-preserving yet non-monotone access policy.Moreover,we greatly improve the efficiency of encryption and decryption in MAVP-FE by shifting the major computation of clients to the outsourced server.Finally,the security and performance analysis show that our MAVP-FE is secure and efficient in practice.

Fine-grained cooperative access control scheme with hidden policies

The traditional ciphertext policy attribute-based encryption(CP-ABE) has two problems: one is that the access policy must be embedded in the ciphertext and sent, which leads to the disclosure of user's privacy information, the other is that it does not support collaborative decryption, which cannot meet the actual demand of conditional collaborative decryption among multiple users. In order to deal with the above two problems at the same time, a fine-grained cooperative access control scheme with hidden policies(FCAC-HP) is proposed based on the existing CP-ABE schemes combined with blockchain technology. In FCAC-HP scheme, users are grouped by group identifier so that only users within the same group can cooperate. In the data encryption stage, the access policy is encrypted and then embedded in the ciphertext to protect the privacy information of the access policy. In the data access stage, the anonymous attribute matching technology is introduced so that only matched users can decrypt ciphertext data to improve the efficiency of the system. In this process, a smart contract is used to execute the verification algorithm to ensure the credibility of the results. In terms of security, FCAC-HP scheme is based on the prime subgroup discriminative assumption and is proved to be indistinguishable under chosen plaintext attack(CPA) by dual system encryption technology. Experimental verification and analysis show that FCAC-HP scheme improves computational efficiency while implementing complex functions.