Journal ArticleDOI

Multi-authority Attribute-Based Encryption with User Revocation and Outsourcing Decryption

01 Aug 2019-Vol. 1302, Iss: 2, pp 022026
TL;DR: It’s proved to be statically-secure under random oracle and the efficiency analysis shows that it reduces user decryption cost greatly.
Abstract: Attribute based encryption scheme is widely used to share sensitive data in cloud storage environment because it can realize fine-grained access control. Aiming at the problem of user revocation and high cost of decryption in cloud storage environment, a multi-authority attribute based encryption scheme with efficient user revocation and outsourcing decryption was proposed. It supports large universe. Each authority manages a specific set of attributes and distributes attribute keys to users with corresponding attributes, avoiding the problem that a single authority may easily become a system bottleneck. The user revocation algorithm of the scheme can realize the efficient revocation of the authorized users, ensuring the forward security of ciphertext. It's proved to be statically-secure under random oracle and the efficiency analysis shows that it reduces user decryption cost greatly.
Citations
Journal ArticleDOI
TL;DR: This work proposes a lightweight decentralized multiauthority access control scheme based on ciphertext-policy attribute-based encryption (CP-ABE) and blockchain, and uses blockchain to record storage and access transactions, achieving self-verification by users and tamper-resistance of ciphertexts.
Abstract: The vehicular social network (VSN) is an emerging mobile communication system combining a vehicle ad hoc network (VANET) with a social network. It provides a new means of sharing, disseminating, and delivering data for passengers, drivers, and vehicles. However, a VSN may expose users’ private information, such as identities, location information, and trajectories, and tampering with shared data may lead to security and safety problems in vehicle systems. Considering the security and privacy preservation of shared data, we propose a lightweight decentralized multiauthority access control scheme based on ciphertext-policy attribute-based encryption (CP-ABE) and blockchain, by which a decentralized multiauthorization node supports vehicle users by performing lightweight calculations with the assistance of the vehicle cloud service provider (VCSP). We use blockchain to record storage and access transactions, achieving self-verification by users and tamper-resistance of ciphertexts. An improved smart contract reduces the workload of verification by users and achieves privacy preservation by hiding the policy. It supports user revocation and outsourced decryption, enabling more flexibility and better performance. A security and performance analysis shows that our scheme has clear advantages over existing schemes.

6 citations

Journal ArticleDOI
TL;DR: Li et al. proposed a lightweight multiauthority access control scheme based on ciphertext-policy attribute-based encryption (CP-ABE) and blockchain, by which a decentralized multi-authorization node supports vehicle users by performing lightweight calculations with the assistance of the vehicle cloud service provider.
Abstract: The vehicular social network (VSN) is an emerging mobile communication system combining a vehicle ad hoc network (VANET) with a social network. It provides a new means of sharing, disseminating, and delivering data for passengers, drivers, and vehicles. However, a VSN may expose users’ private information, such as identities, location information, and trajectories, and tampering with shared data may lead to security and safety problems in vehicle systems. Considering the security and privacy preservation of shared data, we propose a lightweight decentralized multiauthority access control scheme based on ciphertext-policy attribute-based encryption (CP-ABE) and blockchain, by which a decentralized multiauthorization node supports vehicle users by performing lightweight calculations with the assistance of the vehicle cloud service provider (VCSP). We use blockchain to record storage and access transactions, achieving self-verification by users and tamper-resistance of ciphertexts. An improved smart contract reduces the workload of verification by users and achieves privacy preservation by hiding the policy. It supports user revocation and outsourced decryption, enabling more flexibility and better performance. A security and performance analysis shows that our scheme has clear advantages over existing schemes.

6 citations

Journal ArticleDOI
TL;DR: The experimental results prove that the IMFCC method has a strong anti-interference ability and is robust and has a high success rate for clustering multitarget or different depth targets, which enables the IMFCC to be a reliable feature for unsupervised classification.
Abstract: Recently, passive detection technology has developed the ability to detect surface ships based on the noise emissions recorded by hydrophones, making it possible in some cases to classify surface ships. One of the most concerning issues with ships and underwater targets is the current lack of reliable features for unsupervised classification. To solve this problem, this paper proposes an improved Mel-frequency cepstral coefficients (IMFCC) feature for unsupervised clustering of marine targets. As the feature extraction of hydrophone signals relies on preprocessing, the IMFCC adds cyclic modulation spectrum (CMS) and cross-correlation bispectrum (CCB) in the preprocessing module before the traditional Mel-frequency cepstral coefficient process, and the principal component analysis (PCA) is added as the backend processing module. There are four contributions as follows: First, for IMFCC extraction, it combines the advantages of the CMS, CCB, MFCC, and PCA. Second, the two common unsupervised clusters, Gaussian mixture model (GMM) and fuzzy C-means are used to evaluate the CMS, CCB, and several MFCCs—MFCC-vector quantization (MFCC-VQ), MFCC-Gaussian mixture model (MFCC-GMM), TEO-MFCC (Teager Energy Operator based MFCC), and IMFCC. Third, the performances of traditional MFCC, Teager-energy operator (TEO)-MFCC, IMFCC, MFCC-VQ, and MFCC-GMM are discussed under different dimensions, signal-to-noise ratios, distances, and depths. Finally, the experimental results prove that the IMFCC method has a strong anti-interference ability and is robust and has a high success rate for clustering multitarget or different depth targets, which enables the IMFCC to be a reliable feature for unsupervised classification.

5 citations

Proceedings ArticleDOI
13 Dec 2022
TL;DR: In this paper, a multi-authority pairing-based revocable Ciphertext Policy Attribute Based Encryption (CPABE) scheme is proposed to revoke malicious users.
Abstract: Security concerns related to the cloud service model cannot be efficiently addressed using conventional cryptographic techniques. Therefore, Ciphertext Policy Attribute Based Encryption (CPABE) became the suitable choice for the data owners to enforce fine-grained access control. Even though the sensitive data resides with Cloud Service Provider (CSP), however, the data owner has complete control to determine who can access the data. CPABE schemes in existing work have been implemented either using single-authority or multi-authority systems. In this work, multi-authority pairing-based revocable CPABE schemes methodology has been thoroughly studied. The methodology adopted by the existing schemes to revoke malicious users has been analytically compared using various parameters. In addition, the approaches addressing change in users’ roles, privileges, or attributes have also been critically reviewed. Subsequently, the challenges and research gaps identified in the existing schemes have been outlined. Conclusively, in this study, the properties required in an efficient multi-authority pairing-based revocable CPABE framework have been presented as a possible solution to subdue the identified research gaps.
References
Book ChapterDOI
22 May 2005
TL;DR: In this article, a new type of identity-based encryption (IBE) called Fuzzy Identity-Based Encryption was introduced, where an identity is viewed as a set of descriptive attributes, and a private key for an identity can decrypt a ciphertext encrypted with an identity if and only if the identities are close to each other as measured by the set overlap distance metric.
Abstract: We introduce a new type of Identity-Based Encryption (IBE) scheme that we call Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as set of descriptive attributes. A Fuzzy IBE scheme allows for a private key for an identity, ω, to decrypt a ciphertext encrypted with an identity, ω ′, if and only if the identities ω and ω ′ are close to each other as measured by the “set overlap” distance metric. A Fuzzy IBE scheme can be applied to enable encryption using biometric inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is precisely what allows for the use of biometric identities, which inherently will have some noise each time they are sampled. Additionally, we show that Fuzzy-IBE can be used for a type of application that we term “attribute-based encryption”. In this paper we present two constructions of Fuzzy IBE schemes. Our constructions can be viewed as an Identity-Based Encryption of a message under several attributes that compose a (fuzzy) identity. Our IBE schemes are both error-tolerant and secure against collusion attacks. Additionally, our basic construction does not use random oracles. We prove the security of our schemes under the Selective-ID security model.

3,610 citations

Posted Content
TL;DR: In this paper, a new type of identity-based encryption (IBE) called Fuzzy Identity-Based Encryption was introduced, where an identity is viewed as a set of descriptive attributes, and a private key for an identity can decrypt a ciphertext encrypted with an identity if and only if the identities are close to each other as measured by the set overlap distance metric.
Abstract: We introduce a new type of Identity-Based Encryption (IBE) scheme that we call Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as set of descriptive attributes. A Fuzzy IBE scheme allows for a private key for an identity, ω, to decrypt a ciphertext encrypted with an identity, ω ′, if and only if the identities ω and ω ′ are close to each other as measured by the “set overlap” distance metric. A Fuzzy IBE scheme can be applied to enable encryption using biometric inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is precisely what allows for the use of biometric identities, which inherently will have some noise each time they are sampled. Additionally, we show that Fuzzy-IBE can be used for a type of application that we term “attribute-based encryption”. In this paper we present two constructions of Fuzzy IBE schemes. Our constructions can be viewed as an Identity-Based Encryption of a message under several attributes that compose a (fuzzy) identity. Our IBE schemes are both error-tolerant and secure against collusion attacks. Additionally, our basic construction does not use random oracles. We prove the security of our schemes under the Selective-ID security model.

3,128 citations

Book ChapterDOI
06 Mar 2011
TL;DR: A new methodology for realizing Ciphertext-Policy Attribute Encryption (CP-ABE) under concrete and noninteractive cryptographic assumptions in the standard model is presented.
Abstract: We present a new methodology for realizing Ciphertext-Policy Attribute Encryption (CP-ABE) under concrete and noninteractive cryptographic assumptions in the standard model. Our solutions allow any encryptor to specify access control in terms of any access formula over the attributes in the system. In our most efficient system, ciphertext size, encryption, and decryption time scales linearly with the complexity of the access formula. The only previous work to achieve these parameters was limited to a proof in the generic group model. We present three constructions within our framework. Our first system is proven selectively secure under an assumption that we call the decisional Parallel Bilinear Diffie-Hellman Exponent (PBDHE) assumption, which can be viewed as a generalization of the BDHE assumption. Our next two constructions provide performance tradeoffs to achieve provable security respectively under the (weaker) decisional Bilinear-Diffie-Hellman Exponent and decisional Bilinear Diffie-Hellman assumptions.

1,444 citations

Book ChapterDOI
15 May 2011
TL;DR: In this paper, the authors proposed a multi-authority attribute-based encryption (ABE) system, where any party can become an authority and there is no requirement for any global coordination other than the creation of an initial set of common reference parameters.
Abstract: We propose a Multi-Authority Attribute-Based Encryption (ABE) system. In our system, any party can become an authority and there is no requirement for any global coordination other than the creation of an initial set of common reference parameters. A party can simply act as an ABE authority by creating a public key and issuing private keys to different users that reflect their attributes. A user can encrypt data in terms of any boolean formula over attributes issued from any chosen set of authorities. Finally, our system does not require any central authority. In constructing our system, our largest technical hurdle is to make it collusion resistant. Prior Attribute-Based Encryption systems achieved collusion resistance when the ABE system authority "tied" together different components (representing different attributes) of a user's private key by randomizing the key. However, in our system each component will come from a potentially different authority, where we assume no coordination between such authorities. We create new techniques to tie key components together and prevent collusion attacks between users with different global identifiers. We prove our system secure using the recent dual system encryption methodology where the security proof works by first converting the challenge ciphertext and private keys to a semi-functional form and then arguing security. We follow a recent variant of the dual system proof technique due to Lewko and Waters and build our system using bilinear groups of composite order. We prove security under similar static assumptions to the LW paper in the random oracle model.

1,005 citations

Posted Content
TL;DR: In this paper, the authors proposed a multi-authority attribute-based encryption (ABE) system, where any party can become an authority and there is no requirement for any global coordination other than the creation of an initial set of common reference parameters.
Abstract: We propose a Multi-Authority Attribute-Based Encryption (ABE) system. In our system, any party can become an authority and there is no requirement for any global coordination other than the creation of an initial set of common reference parameters. A party can simply act as an ABE authority by creating a public key and issuing private keys to different users that reflect their attributes. A user can encrypt data in terms of any boolean formula over attributes issued from any chosen set of authorities. Finally, our system does not require any central authority. In constructing our system, our largest technical hurdle is to make it collusion resistant. Prior Attribute-Based Encryption systems achieved collusion resistance when the ABE system authority “tied” together different components (representing different attributes) of a user’s private key by randomizing the key. However, in our system each component will come from a potentially different authority, where we assume no coordination between such authorities. We create new techniques to tie key components together and prevent collusion attacks between users with different global identifiers. We prove our system secure using the recent dual system encryption methodology where the security proof works by first converting the challenge ciphertext and private keys to a semi-functional form and then arguing security. We follow a recent variant of the dual system proof technique due to Lewko and Waters and build our system using bilinear groups of composite order. We prove security under similar static assumptions to the LW paper in the random oracle model.

829 citations