Journal ArticleDOI
Flexible and Fine-Grained Attribute-Based Data Storage in Cloud Computing
TLDR
This article provides a ciphertext-policy attribute based encryption (CP-ABE) scheme with efficient user revocation for cloud storage system that can withstand collusion attack performed by revoked users cooperating with existing users and proves the security of the scheme under the divisible computation Diffie-Hellman assumption.Abstract:
With the development of cloud computing, outsourcing data to cloud server attracts lots of attentions. To guarantee the security and achieve flexibly fine-grained file access control, attribute based encryption (ABE) was proposed and used in cloud storage system. However, user revocation is the primary issue in ABE schemes. In this article, we provide a ciphertext-policy attribute based encryption (CP-ABE) scheme with efficient user revocation for cloud storage system. The issue of user revocation can be solved efficiently by introducing the concept of user group. When any user leaves, the group manager will update users’ private keys except for those who have been revoked. Additionally, CP-ABE scheme has heavy computation cost, as it grows linearly with the complexity for the access structure. To reduce the computation cost, we outsource high computation load to cloud service providers without leaking file content and secret keys. Notably, our scheme can withstand collusion attack performed by revoked users cooperating with existing users. We prove the security of our scheme under the divisible computation Diffie-Hellman assumption. The result of our experiment shows computation cost for local devices is relatively low and can be constant. Our scheme is suitable for resource constrained devices.read more
Citations
More filters
Journal ArticleDOI
Revocable Attribute-Based Data Storage in Mobile Clouds
TL;DR: Li et al. as mentioned in this paper proposed a revocable attribute-based data storage (RADS) scheme equipped with several attracting features, such as a fine-grained access control mechanism, by which file owners do not need to explicitly specify authorized visitors to their outsourced files, and the revocation of RADS achieves a strong data protection, i.e., revoked users can access neither newly uploaded files nor old ones.
Book ChapterDOI
A novel privacy-preserving decentralized ciphertext-policy attribute-based encryption with anonymous key generation
Hongjian Yin,Leyou Zhang,Yi Mu +2 more
TL;DR: This work proposes an improved privacy-preserving decentralized CP-ABE scheme with anonymous key generation protocol, where it can prevent authorities from learning any information about user’s both GID and attributes.
Secure Cloudlet-Based eHealth Big Data System With Fine-Grained Access Control and Outsourcing Decryption from ABE
TL;DR: A Cloudlet-Based eHealth Big Data System with Outsourced Decryption (CBe-BDS-OD) to address the above challenges and indicates a substantial improvement in computation efficiency by 99% and therefore the scheme can be deployed in resource-constrained mobile devices.
Journal ArticleDOI
An enhanced media ciphertext-policy attribute-based encryption algorithm on media cloud:
TL;DR: Security analysis shows that enhanced media ciphertext-policy attribute-based encryption can successfully resist chosen-plaintext attacks under the decisional bilinear Diffie–Hellman assumption and expression of the access control structure on media cloud can be further improved.
Journal ArticleDOI
PRShare: A Framework for Privacy-preserving, Interorganizational Data Sharing
Lihi Idan,Joan Feigenbaum +1 more
TL;DR: The novel technique of Attribute-Based Encryption with Oblivious Attribute Translation (OTABE) is introduced, which plays a crucial role in the solution to the task of interorganizational data sharing and it is proved that the OTABE-based framework is secure in the standard model and provides two real-world use cases.
References
More filters
Journal ArticleDOI
Identity-Based Encryption from the Weil Pairing
Dan Boneh,Matthew K. Franklin +1 more
TL;DR: This work proposes a fully functional identity-based encryption (IBE) scheme based on bilinear maps between groups and gives precise definitions for secure IBE schemes and gives several applications for such systems.
Proceedings ArticleDOI
Ciphertext-Policy Attribute-Based Encryption
TL;DR: A system for realizing complex access control on encrypted data that is conceptually closer to traditional access control methods such as role-based access control (RBAC) and secure against collusion attacks is presented.
Proceedings ArticleDOI
Attribute-based encryption for fine-grained access control of encrypted data
TL;DR: This work develops a new cryptosystem for fine-grained sharing of encrypted data that is compatible with Hierarchical Identity-Based Encryption (HIBE), and demonstrates the applicability of the construction to sharing of audit-log information and broadcast encryption.
Book ChapterDOI
Fuzzy identity-based encryption
Amit Sahai,Brent Waters +1 more
TL;DR: In this article, a new type of identity-based encryption called Fuzzy Identity-Based Encryption (IBE) was introduced, where an identity is viewed as set of descriptive attributes, and a private key for an identity can decrypt a ciphertext encrypted with an identity if and only if the identities are close to each other as measured by the set overlap distance metric.
Posted Content
Fuzzy Identity Based Encryption.
Amit Sahai,Brent Waters +1 more
TL;DR: In this paper, a new type of identity-based encryption called Fuzzy Identity-Based Encryption (IBE) was introduced, where an identity is viewed as set of descriptive attributes, and a private key for an identity can decrypt a ciphertext encrypted with an identity if and only if the identities are close to each other as measured by the set overlap distance metric.