Ciphertext-policy attribute-based encryption(CP-ABE)is a promising cryptographic solution to the problem for enforcing fine-grained access control over encrypted data in the cloud.However,when applying CP-ABE to data ...Ciphertext-policy attribute-based encryption(CP-ABE)is a promising cryptographic solution to the problem for enforcing fine-grained access control over encrypted data in the cloud.However,when applying CP-ABE to data outsourcing scenarios,we have to address the challenging issue of policy updates because access control elements,such as users,attributes,and access rules may change frequently.In this paper,we propose a notion of access policy updatable ciphertext-policy attribute-based encryption(APU-CP-ABE)by combining the idea of ciphertext-policy attribute-based key encapsulation and symmetric proxy re-encryption.When an access policy update occurs,data owner is no longer required to download any data for re-encryption from the cloud,all he needs to do is generate a re-encryption key and produce a new encapsulated symmetric key,and then upload them to the cloud.The cloud server executes re-encryption without decryption.Because the re-encrypted ciphertext is encrypted under a completely new key,users cannot decrypt data even if they keep the old symmetric keys or parts of the previous ciphertext.We present an APU-CP-ABE construction based on Syalim et al.’s[Syalim,Nishide and Sakurai(2017)]improved symmetric proxy re-encryption scheme and Agrawal et al.’s[Agrawal and Chase(2017)]attribute-based message encryption scheme.It requires only 6 bilinear pairing operations for decryption,regardless of the number of attributes involved.This makes our construction particularly attractive when decryption is time-critical.展开更多
Most research works nowadays deal with real-time Internetof Things (IoT) data. However, with exponential data volume increases,organizations need help storing such humongous amounts of IoT data incloud storage systems...Most research works nowadays deal with real-time Internetof Things (IoT) data. However, with exponential data volume increases,organizations need help storing such humongous amounts of IoT data incloud storage systems. Moreover, such systems create security issues whileefficiently using IoT and Cloud Computing technologies. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has the potential to make IoT datamore secure and reliable in various cloud storage services. Cloud-assisted IoTssuffer from two privacy issues: access policies (public) and super polynomialdecryption times (attributed mainly to complex access structures). We havedeveloped a CP-ABE scheme in alignment with a Hidden HierarchyCiphertext-Policy Attribute-Based Encryption (HH-CP-ABE) access structure embedded within two policies, i.e., public policy and sensitive policy.In this proposed scheme, information is only revealed when the user’sinformation is satisfactory to the public policy. Furthermore, the proposedscheme applies to resource-constrained devices already contracted tasks totrusted servers (especially encryption/decryption/searching). Implementingthe method and keywords search resulted in higher access policy privacy andincreased security. The new scheme introduces superior storage in comparisonto existing systems (CP-ABE, H-CP-ABE), while also decreasing storage costsin HH-CP-ABE. Furthermore, a reduction in time for key generation canalso be noted.Moreover, the scheme proved secure, even in handling IoT datathreats in the Decisional Bilinear Diffie-Hellman (DBDH) case.展开更多
In this paper, we present the first ciphertext-policy attribute-based encryption (CP-ABE) scheme for polynomial-size general circuits based on bilinear maps which is more suitable for practical use and more efficien...In this paper, we present the first ciphertext-policy attribute-based encryption (CP-ABE) scheme for polynomial-size general circuits based on bilinear maps which is more suitable for practical use and more efficient than multilinear maps. Our scheme uses a top-down secret sharing and FANOUT gate to resist the "backtracking attack" which is the main barrier expending access tree to general circuit. In the standard model, selective security of our scheme is proved. Comparing with current scheme for general circuits from bilinear maps, our work is more efficient.展开更多
For leakage-resilient ciphertext-policy attribute-based encryption (CP-ABE) at present, the size of the ciphertexts in most of them relies on the number of attributes. How to overcome this shortcoming is a challenge...For leakage-resilient ciphertext-policy attribute-based encryption (CP-ABE) at present, the size of the ciphertexts in most of them relies on the number of attributes. How to overcome this shortcoming is a challenge problem. Based on the Goldreich-Levin theorem and dual system encryption, an efficient CP-ABE scheme with constant size ciphertexts is proposed in this paper. It can tolerate leakage on master secret key and attribute-based secret keys with auxiliary inputs. Furthermore, the proposed scheme can be realized as resilience against continual leakage if keys are periodically updated. Under some static assumptions instead of other strong assumptions, the introduced scheme achieves adaptively security in the standard model.展开更多
This research paper puts emphasis on using cloud computing with Blockchain(BC)to improve the security and privacy in a cloud.The security of data is not guaranteed as there is always a risk of leakage of users’data.B...This research paper puts emphasis on using cloud computing with Blockchain(BC)to improve the security and privacy in a cloud.The security of data is not guaranteed as there is always a risk of leakage of users’data.Blockchain can be used in a multi-tenant cloud environment(MTCE)to improve the security of data,as it is a decentralized approach.Data is saved in unaltered form.Also,Blockchain is not owned by a single organization.The encryption process can be done using a Homomorphic encryption(HE)algorithm along with hashing technique,hereby allowing computations on encrypted data without the need for decryption.This research paper is composed of four objectives:Analysis of cloud security using Blockchain technology;Exceptional scenario of Blockchain architecture in an enterprise-level MTCE;Implementation of cipher-text policy attribute-based encryption(CPABE)algorithm;Implementation of Merkle tree using Ethereum(MTuE)in a Multi-tenant system.Out of these four objectives,the main focus is on the implementation of CP-ABE algorithm.CP-ABE parameters are proposed for different levels of tenants.The levels include inner tenant,outer tenant,Inner-Outer-Tenant,Inner-Outer-External-Tenant,Outer-Inner-Tenant,External-Outer-Inner-Tenant and the parameters such as token,private key,public key,access tree,message,attribute set,node-level,cipher-text,salting which will help in providing better security using CP-ABE algorithm in a multitenant environment(MTE)where tenants can be provided with different levels of security and achieved 92 percentage of authenticity and access-control of the data.展开更多
基金This research is funded by Science and Technology Program of Guangzhou(Grant No.201707010358).
文摘Ciphertext-policy attribute-based encryption(CP-ABE)is a promising cryptographic solution to the problem for enforcing fine-grained access control over encrypted data in the cloud.However,when applying CP-ABE to data outsourcing scenarios,we have to address the challenging issue of policy updates because access control elements,such as users,attributes,and access rules may change frequently.In this paper,we propose a notion of access policy updatable ciphertext-policy attribute-based encryption(APU-CP-ABE)by combining the idea of ciphertext-policy attribute-based key encapsulation and symmetric proxy re-encryption.When an access policy update occurs,data owner is no longer required to download any data for re-encryption from the cloud,all he needs to do is generate a re-encryption key and produce a new encapsulated symmetric key,and then upload them to the cloud.The cloud server executes re-encryption without decryption.Because the re-encrypted ciphertext is encrypted under a completely new key,users cannot decrypt data even if they keep the old symmetric keys or parts of the previous ciphertext.We present an APU-CP-ABE construction based on Syalim et al.’s[Syalim,Nishide and Sakurai(2017)]improved symmetric proxy re-encryption scheme and Agrawal et al.’s[Agrawal and Chase(2017)]attribute-based message encryption scheme.It requires only 6 bilinear pairing operations for decryption,regardless of the number of attributes involved.This makes our construction particularly attractive when decryption is time-critical.
文摘Most research works nowadays deal with real-time Internetof Things (IoT) data. However, with exponential data volume increases,organizations need help storing such humongous amounts of IoT data incloud storage systems. Moreover, such systems create security issues whileefficiently using IoT and Cloud Computing technologies. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has the potential to make IoT datamore secure and reliable in various cloud storage services. Cloud-assisted IoTssuffer from two privacy issues: access policies (public) and super polynomialdecryption times (attributed mainly to complex access structures). We havedeveloped a CP-ABE scheme in alignment with a Hidden HierarchyCiphertext-Policy Attribute-Based Encryption (HH-CP-ABE) access structure embedded within two policies, i.e., public policy and sensitive policy.In this proposed scheme, information is only revealed when the user’sinformation is satisfactory to the public policy. Furthermore, the proposedscheme applies to resource-constrained devices already contracted tasks totrusted servers (especially encryption/decryption/searching). Implementingthe method and keywords search resulted in higher access policy privacy andincreased security. The new scheme introduces superior storage in comparisonto existing systems (CP-ABE, H-CP-ABE), while also decreasing storage costsin HH-CP-ABE. Furthermore, a reduction in time for key generation canalso be noted.Moreover, the scheme proved secure, even in handling IoT datathreats in the Decisional Bilinear Diffie-Hellman (DBDH) case.
基金Supported by the National Natural Science Foundation of China(61272488)Science and Technology on Information Assurance Laboratory(KJ-15-006)Fundamental and Frontier Technology Research of Henan Province(162300410192)
文摘In this paper, we present the first ciphertext-policy attribute-based encryption (CP-ABE) scheme for polynomial-size general circuits based on bilinear maps which is more suitable for practical use and more efficient than multilinear maps. Our scheme uses a top-down secret sharing and FANOUT gate to resist the "backtracking attack" which is the main barrier expending access tree to general circuit. In the standard model, selective security of our scheme is proved. Comparing with current scheme for general circuits from bilinear maps, our work is more efficient.
基金supported in part by the Nature Science Foundation of China (61472307, 61402112, 61100165, 61100231)Natural Science Basic Research Plan in Shaanxi Province of China (2016JM6004)
文摘For leakage-resilient ciphertext-policy attribute-based encryption (CP-ABE) at present, the size of the ciphertexts in most of them relies on the number of attributes. How to overcome this shortcoming is a challenge problem. Based on the Goldreich-Levin theorem and dual system encryption, an efficient CP-ABE scheme with constant size ciphertexts is proposed in this paper. It can tolerate leakage on master secret key and attribute-based secret keys with auxiliary inputs. Furthermore, the proposed scheme can be realized as resilience against continual leakage if keys are periodically updated. Under some static assumptions instead of other strong assumptions, the introduced scheme achieves adaptively security in the standard model.
文摘This research paper puts emphasis on using cloud computing with Blockchain(BC)to improve the security and privacy in a cloud.The security of data is not guaranteed as there is always a risk of leakage of users’data.Blockchain can be used in a multi-tenant cloud environment(MTCE)to improve the security of data,as it is a decentralized approach.Data is saved in unaltered form.Also,Blockchain is not owned by a single organization.The encryption process can be done using a Homomorphic encryption(HE)algorithm along with hashing technique,hereby allowing computations on encrypted data without the need for decryption.This research paper is composed of four objectives:Analysis of cloud security using Blockchain technology;Exceptional scenario of Blockchain architecture in an enterprise-level MTCE;Implementation of cipher-text policy attribute-based encryption(CPABE)algorithm;Implementation of Merkle tree using Ethereum(MTuE)in a Multi-tenant system.Out of these four objectives,the main focus is on the implementation of CP-ABE algorithm.CP-ABE parameters are proposed for different levels of tenants.The levels include inner tenant,outer tenant,Inner-Outer-Tenant,Inner-Outer-External-Tenant,Outer-Inner-Tenant,External-Outer-Inner-Tenant and the parameters such as token,private key,public key,access tree,message,attribute set,node-level,cipher-text,salting which will help in providing better security using CP-ABE algorithm in a multitenant environment(MTE)where tenants can be provided with different levels of security and achieved 92 percentage of authenticity and access-control of the data.
