scispace - formally typeset
Search or ask a question
Journal ArticleDOI

Flexible and Fine-Grained Attribute-Based Data Storage in Cloud Computing

01 Sep 2017-IEEE Transactions on Services Computing (IEEE)-Vol. 10, Iss: 5, pp 785-796
TL;DR: This article provides a ciphertext-policy attribute based encryption (CP-ABE) scheme with efficient user revocation for cloud storage system that can withstand collusion attack performed by revoked users cooperating with existing users and proves the security of the scheme under the divisible computation Diffie-Hellman assumption.
Abstract: With the development of cloud computing, outsourcing data to cloud server attracts lots of attentions. To guarantee the security and achieve flexibly fine-grained file access control, attribute based encryption (ABE) was proposed and used in cloud storage system. However, user revocation is the primary issue in ABE schemes. In this article, we provide a ciphertext-policy attribute based encryption (CP-ABE) scheme with efficient user revocation for cloud storage system. The issue of user revocation can be solved efficiently by introducing the concept of user group. When any user leaves, the group manager will update users’ private keys except for those who have been revoked. Additionally, CP-ABE scheme has heavy computation cost, as it grows linearly with the complexity for the access structure. To reduce the computation cost, we outsource high computation load to cloud service providers without leaking file content and secret keys. Notably, our scheme can withstand collusion attack performed by revoked users cooperating with existing users. We prove the security of our scheme under the divisible computation Diffie-Hellman assumption. The result of our experiment shows computation cost for local devices is relatively low and can be constant. Our scheme is suitable for resource constrained devices.
Citations
More filters
Journal ArticleDOI
TL;DR: This work formalizes the definition and security model, which model collusion attack executed by the existing users cooperating with the revoked users, and presents a user collusion avoidance ciphertext-policy ABE scheme with efficient attribute revocation for the cloud storage system.
Abstract: Attribute-based encryption (ABE) can guarantee confidentiality and achieve fine-grained data access control in a cloud storage system. Due to the fact that every attribute in ABE may be shared by multiple users and each user holds multiple attributes, any single-attribute revocation for some user may affect the other users with the same attribute in the system. Therefore, how to revoke attribute efficiently is an important and challenging problem in ABE schemes. In order to solve above problems, we first give a concrete attack to the existing ABE scheme with attribute revocation. Then, we formalize the definition and security model, which model collusion attack executed by the existing users cooperating with the revoked users. Finally, we present a user collusion avoidance ciphertext-policy ABE scheme with efficient attribute revocation for the cloud storage system. The problem of attribute revocation is solved efficiently by exploiting the concept of an attribute group. When an attribute is revoked from a user, the group manager updates other users’ secret keys. Furthermore, we prove that the proposed scheme is secure against collusion attack launched by the existing users and the revoked users. The security of the proposed scheme is reduced to the computational Diffie–Hellman assumption.

169 citations

Journal ArticleDOI
TL;DR: The technique of certificateless signature is utilized to present a new RDPC protocol for checking the integrity of data shared among a group and the security of the scheme is reduced to the assumptions of computational Diffie-Hellman (CDH) and discrete logarithm (DL).
Abstract: Cloud storage service supplies people with an efficient method to share data within a group. The cloud server is not trustworthy, so lots of remote data possession checking (RDPC) protocols are proposed and thought to be an effective way to ensure the data integrity. However, most of RDPC protocols are based on the mechanism of traditional public key infrastructure (PKI), which has obvious security flaw and bears big burden of certificate management. To avoid this shortcoming, identity-based cryptography (IBC) is often chosen to be the basis of RDPC. Unfortunately, IBC has an inherent drawback of key escrow. To solve these problems, we utilize the technique of certificateless signature to present a new RDPC protocol for checking the integrity of data shared among a group. In our scheme, user's private key includes two parts: a partial key generated by the group manager and a secret value chosen by herself/himself. To ensure the right public keys are chosen during the data integrity checking, the public key of each user is associated with her unique identity, for example the name or telephone number. Thus, the certificate is not needed and the problem of key escrow is eliminated too. Meanwhile, the data integrity can still be audited by public verifier without downloading the whole data. In addition, our scheme also supports efficient user revocation from the group. The security of our scheme is reduced to the assumptions of computational Diffie-Hellman (CDH) and discrete logarithm (DL). Experiment results exhibit that the new protocol is very efficient and feasible.

130 citations

Journal ArticleDOI
TL;DR: An ABE scheme with verifiable outsourced decryption is proposed, which can simultaneously check the correctness for transformed ciphertext for the authorized users and unauthorized users and is proved to be selective CPA-secure in the standard model.
Abstract: Attribute based encryption (ABE) is a popular cryptographic technology to protect the security of users’ data. However, the decryption cost and ciphertext size restrict the application of ABE in practice. For most existing ABE schemes, the decryption cost and ciphertext size grow linearly with the complexity of access structure. This is undesirable to the devices with limited computing capability and storage space. Outsourced decryption is considered as a feasible method to reduce the user's decryption overhead, which enables a user to outsource a large number of decryption operations to the cloud service provider (CSP). However, outsourced decryption cannot guarantee the correctness of transformation done by the cloud, so it is necessary to check the correctness of outsourced decryption to ensure security for users’ data. Current research mainly focuses on verifiability of outsourced decryption for the authorized users. It still remains a challenging issue that how to guarantee the correctness of outsourced decryption for unauthorized users. In this paper, we propose an ABE scheme with verifiable outsourced decryption (called full verifiability for outsourced decryption), which can simultaneously check the correctness for transformed ciphertext for the authorized users and unauthorized users. The proposed ABE scheme with verifiable outsourced decryption is proved to be selective CPA-secure in the standard model.

126 citations

Journal ArticleDOI
TL;DR: This paper provides a new efficient RDPC protocol based on homomorphic hash function that is provably secure against forgery attack, replace attack, and replay attack based on a typical security model and gives a new optimized implementation for the ORT, which makes the cost of accessing ORT nearly constant.
Abstract: As an important application in cloud computing, cloud storage offers user scalable, flexible, and high-quality data storage and computation services. A growing number of data owners choose to outsource data files to the cloud. Because cloud storage servers are not fully trustworthy, data owners need dependable means to check the possession for their files outsourced to remote cloud servers. To address this crucial problem, some remote data possession checking (RDPC) protocols have been presented. But many existing schemes have vulnerabilities in efficiency or data dynamics. In this paper, we provide a new efficient RDPC protocol based on homomorphic hash function. The new scheme is provably secure against forgery attack, replace attack, and replay attack based on a typical security model. To support data dynamics, an operation record table (ORT) is introduced to track operations on file blocks. We further give a new optimized implementation for the ORT, which makes the cost of accessing ORT nearly constant. Moreover, we make the comprehensive performance analysis, which shows that our scheme has advantages in computation and communication costs. Prototype implementation and experiments exhibit that the scheme is feasible for real applications.

124 citations


Cites background from "Flexible and Fine-Grained Attribute..."

  • ...Although some security problems have been solved [3]–10], the important challenges of data tampering and data lost are still existing in cloud storage....

    [...]

Journal ArticleDOI
TL;DR: A Lightweight Fine-Grained ciphertexts Search (LFGS) system in fog computing is presented by extending Ciphertext-Policy Attribute-Based Encryption and Searchable Encryption technologies, which can achieve fine-grained access control and keyword search simultaneously.
Abstract: Fog computing, as an extension of cloud computing, outsources the encrypted sensitive data to multiple fog nodes on the edge of Internet of Things (IoT) to decrease latency and network congestion. However, the existing ciphertext retrieval schemes rarely focus on the fog computing environment and most of them still impose high computational and storage overhead on resource-limited end users. In this paper, we first present a Lightweight Fine-Grained ciphertexts Search (LFGS) system in fog computing by extending Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and Searchable Encryption (SE) technologies, which can achieve fine-grained access control and keyword search simultaneously. The LFGS can shift partial computational and storage overhead from end users to chosen fog nodes. Furthermore, the basic LFGS system is improved to support conjunctive keyword search and attribute update to avoid returning irrelevant search results and illegal accesses. The formal security analysis shows that the LFGS system can resist Chosen-Keyword Attack (CKA) and Chosen-Plaintext Attack (CPA), and the simulation using a real-world dataset demonstrates that the LFGS system is efficient and feasible in practice.

111 citations


Cites background from "Flexible and Fine-Grained Attribute..."

  • ...THE promising cloud computing [1] paradigm can provide on-demand services with elastic resources and...

    [...]

References
More filters
Journal ArticleDOI
TL;DR: This work proposes a fully functional identity-based encryption (IBE) scheme based on bilinear maps between groups and gives precise definitions for secure IBE schemes and gives several applications for such systems.
Abstract: We propose a fully functional identity-based encryption (IBE) scheme. The scheme has chosen ciphertext security in the random oracle model assuming a variant of the computational Diffie--Hellman problem. Our system is based on bilinear maps between groups. The Weil pairing on elliptic curves is an example of such a map. We give precise definitions for secure IBE schemes and give several applications for such systems.

5,110 citations

Proceedings ArticleDOI
20 May 2007
TL;DR: A system for realizing complex access control on encrypted data that is conceptually closer to traditional access control methods such as role-based access control (RBAC) and secure against collusion attacks is presented.
Abstract: In several distributed systems a user should only be able to access data if a user posses a certain set of credentials or attributes. Currently, the only method for enforcing such policies is to employ a trusted server to store the data and mediate access control. However, if any server storing the data is compromised, then the confidentiality of the data will be compromised. In this paper we present a system for realizing complex access control on encrypted data that we call ciphertext-policy attribute-based encryption. By using our techniques encrypted data can be kept confidential even if the storage server is untrusted; moreover, our methods are secure against collusion attacks. Previous attribute-based encryption systems used attributes to describe the encrypted data and built policies into user's keys; while in our system attributes are used to describe a user's credentials, and a party encrypting data determines a policy for who can decrypt. Thus, our methods are conceptually closer to traditional access control methods such as role-based access control (RBAC). In addition, we provide an implementation of our system and give performance measurements.

4,364 citations


"Flexible and Fine-Grained Attribute..." refers background or methods in this paper

  • ...Presently, ABE mainly includes two categories called ciphertext-policy ABE (CP-ABE) [4] and key-policy ABE (KP-ABE) [5]....

    [...]

  • ...In [4], [5], the function attðxÞ is used to represent the attribute associated with the leaf node x of the tree....

    [...]

  • ...A basic CP-ABE scheme [4] concludes the following funda-...

    [...]

  • ...We use the same notation as [4], [5] to describe the access trees....

    [...]

  • ...Before describing our scheme, we review the concept of access tree proposed in [4], [5]....

    [...]

Proceedings ArticleDOI
30 Oct 2006
TL;DR: This work develops a new cryptosystem for fine-grained sharing of encrypted data that is compatible with Hierarchical Identity-Based Encryption (HIBE), and demonstrates the applicability of the construction to sharing of audit-log information and broadcast encryption.
Abstract: As more sensitive data is shared and stored by third-party sites on the Internet, there will be a need to encrypt data stored at these sites. One drawback of encrypting data, is that it can be selectively shared only at a coarse-grained level (i.e., giving another party your private key). We develop a new cryptosystem for fine-grained sharing of encrypted data that we call Key-Policy Attribute-Based Encryption (KP-ABE). In our cryptosystem, ciphertexts are labeled with sets of attributes and private keys are associated with access structures that control which ciphertexts a user is able to decrypt. We demonstrate the applicability of our construction to sharing of audit-log information and broadcast encryption. Our construction supports delegation of private keys which subsumesHierarchical Identity-Based Encryption (HIBE).

4,257 citations


"Flexible and Fine-Grained Attribute..." refers background or methods in this paper

  • ...Presently, ABE mainly includes two categories called ciphertext-policy ABE (CP-ABE) [4] and key-policy ABE (KP-ABE) [5]....

    [...]

  • ...It is contrary in KP-ABE....

    [...]

  • ...CP-ABE is more suitable for the outsourcing data architecture than KP-ABE because the access policy is defined by the data owners....

    [...]

  • ...In order to protect privacy of the user, Han et al. [20] presented a decentralized KP-ABE scheme with privacypreserving....

    [...]

  • ...Boldyreva et al. [9] presented an IBE scheme with efficient revocation, which is also suitable for KP-ABE....

    [...]

Book ChapterDOI
22 May 2005
TL;DR: In this article, a new type of identity-based encryption called Fuzzy Identity-Based Encryption (IBE) was introduced, where an identity is viewed as set of descriptive attributes, and a private key for an identity can decrypt a ciphertext encrypted with an identity if and only if the identities are close to each other as measured by the set overlap distance metric.
Abstract: We introduce a new type of Identity-Based Encryption (IBE) scheme that we call Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as set of descriptive attributes. A Fuzzy IBE scheme allows for a private key for an identity, ω, to decrypt a ciphertext encrypted with an identity, ω ′, if and only if the identities ω and ω ′ are close to each other as measured by the “set overlap” distance metric. A Fuzzy IBE scheme can be applied to enable encryption using biometric inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is precisely what allows for the use of biometric identities, which inherently will have some noise each time they are sampled. Additionally, we show that Fuzzy-IBE can be used for a type of application that we term “attribute-based encryption”. In this paper we present two constructions of Fuzzy IBE schemes. Our constructions can be viewed as an Identity-Based Encryption of a message under several attributes that compose a (fuzzy) identity. Our IBE schemes are both error-tolerant and secure against collusion attacks. Additionally, our basic construction does not use random oracles. We prove the security of our schemes under the Selective-ID security model.

3,610 citations

Posted Content
TL;DR: In this paper, a new type of identity-based encryption called Fuzzy Identity-Based Encryption (IBE) was introduced, where an identity is viewed as set of descriptive attributes, and a private key for an identity can decrypt a ciphertext encrypted with an identity if and only if the identities are close to each other as measured by the set overlap distance metric.
Abstract: We introduce a new type of Identity-Based Encryption (IBE) scheme that we call Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as set of descriptive attributes. A Fuzzy IBE scheme allows for a private key for an identity, ω, to decrypt a ciphertext encrypted with an identity, ω ′, if and only if the identities ω and ω ′ are close to each other as measured by the “set overlap” distance metric. A Fuzzy IBE scheme can be applied to enable encryption using biometric inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is precisely what allows for the use of biometric identities, which inherently will have some noise each time they are sampled. Additionally, we show that Fuzzy-IBE can be used for a type of application that we term “attribute-based encryption”. In this paper we present two constructions of Fuzzy IBE schemes. Our constructions can be viewed as an Identity-Based Encryption of a message under several attributes that compose a (fuzzy) identity. Our IBE schemes are both error-tolerant and secure against collusion attacks. Additionally, our basic construction does not use random oracles. We prove the security of our schemes under the Selective-ID security model.

3,128 citations