
Showing papers on "Attribute-based encryption published in 2015"


Journal ArticleDOI
TL;DR: A lightweight no-pairing ABE scheme based on elliptic curve cryptography (ECC) is proposed to address the security and privacy issues in IoT and shows that the proposed scheme has improved execution efficiency and low communication costs.

281 citations


Book ChapterDOI
30 Mar 2015
TL;DR: This paper proposes a functional encryption scheme for the inner-product functionality, meaning that decrypting an encrypted vector \(\mathbf {x}\) with a key for a vector \(\mathbf {y}\) will reveal only \(\langle \mathbf {x},\mathbf {y} \rangle \) and nothing else, whose security is based on the DDH assumption.
Abstract: Functional encryption is a new paradigm in public-key encryption that allows users to finely control the amount of information that is revealed by a ciphertext to a given receiver. Recent papers have focused their attention on constructing schemes for general functionalities at expense of efficiency. Our goal, in this paper, is to construct functional encryption schemes for less general functionalities which are still expressive enough for practical scenarios. We propose a functional encryption scheme for the inner-product functionality, meaning that decrypting an encrypted vector \(\mathbf {x}\) with a key for a vector \(\mathbf {y}\) will reveal only \(\langle \mathbf {x},\mathbf {y} \rangle \) and nothing else, whose security is based on the DDH assumption. Despite the simplicity of this functionality, it is still useful in many contexts like descriptive statistics. In addition, we generalize our approach and present a generic scheme that can be instantiated, in addition, under the LWE assumption and offers various trade-offs in terms of expressiveness and efficiency.

228 citations


Proceedings ArticleDOI
01 Dec 2015
TL;DR: This paper presents how to encrypt a linear controller using modified homomorphic encryption schemes based on public-key RSA and ElGamal encryption systems and confirms that only the scrambled parameters and signals can be seen in the controller device of the security-enhanced networked control system.
Abstract: This paper proposes a new concept of controller encryption for enhancing the cyber-security of networked control systems and presents how to encrypt a linear controller using our modified homomorphic encryption schemes based on the public-key RSA and ElGamal encryption systems. A remarkable advantage of controller encryption is the ability to conceal several pieces of information processed inside the controller device, such as controller parameters, references (recipes), measurements, control commands, and parameters of plant models in the internal model principle, while maintaining the original function of the controller. Therefore, even if malicious users gained unauthorized access to the controller device, it would take much time and cost to decipher and steal the control system's information. Finally, numerical examples confirm that only the scrambled parameters and signals can be seen in the controller device of the security-enhanced networked control system.

203 citations
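An added example (mine, not the paper's code) of the controller-encryption idea for a static state feedback u = Kx using ElGamal's multiplicative homomorphism: the gains K are encrypted once, the plant side encrypts each measurement, the controller device multiplies ciphertexts element-wise without ever holding a key or a plaintext, and the plant side decrypts the products, sums them and rescales. Assumptions: fixed-point quantisation with a scale of 2^10, the Mersenne prime 2^61 - 1 with an arbitrary element g as a toy group, and my own signed-integer encoding over the whole of Z_p^*, which is why this is plain ElGamal and not the authors' "modified" scheme; the gain matrix and measurements are constructed.

```python
import secrets

# ASSUMPTIONS (toy): p is the Mersenne prime 2^61 - 1 and g is an arbitrary
# element of Z_p^*; plain ElGamal over the whole group is used so that signed
# integers can be encoded as residues mod p. That choice leaks one bit per
# ciphertext (the plaintext's quadratic character) and the modulus is far too
# small, so this is illustration, not the paper's "modified" scheme.
P = (1 << 61) - 1
G = 3
SCALE = 1 << 10   # fixed-point scale for quantising real-valued gains/signals


def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return pow(G, sk, P), sk


def encode(v):
    """Signed integer -> element of Z_p; needs |v| < p/2 so decode is unambiguous."""
    if abs(v) >= P // 2:
        raise ValueError("value outside the plaintext range")
    return v % P


def decode(m):
    return m if m <= P // 2 else m - P


def encrypt(pk, v):
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), encode(v) * pow(pk, r, P) % P


def decrypt(sk, ct):
    c1, c2 = ct
    return decode(c2 * pow(pow(c1, sk, P), -1, P) % P)


def ct_mul(a, b):
    """Homomorphic product: decrypt(ct_mul(a, b)) == decrypt(a) * decrypt(b)."""
    return a[0] * b[0] % P, a[1] * b[1] % P


def quantize(x):
    return round(x * SCALE)


def encrypt_gains(pk, K):
    """Done once when the controller is deployed: the device stores only ciphertexts."""
    return [[encrypt(pk, quantize(k)) for k in row] for row in K]


def encrypted_controller(enc_K, enc_x):
    """Runs on the controller device: element-wise products, no key, no plaintext.

    ElGamal is only multiplicatively homomorphic, so the sum over j in
    u_i = sum_j K_ij x_j cannot be taken here; it is taken after decryption.
    """
    return [[ct_mul(k_ij, x_j) for k_ij, x_j in zip(row, enc_x)] for row in enc_K]


def plant_side_step(pk, sk, enc_K, x):
    """Plant side: encrypt measurements, get encrypted products back, decrypt, sum, rescale."""
    enc_x = [encrypt(pk, quantize(xj)) for xj in x]
    enc_prod = encrypted_controller(enc_K, enc_x)
    return [sum(decrypt(sk, c) for c in row) / (SCALE * SCALE) for row in enc_prod]


if __name__ == "__main__":
    pk, sk = keygen()
    enc_K = encrypt_gains(pk, [[-1.5, 0.25], [2.0, -0.75]])   # constructed gain matrix
    print(plant_side_step(pk, sk, enc_K, [0.5, -1.0]))       # [-1.0, 1.75]
```

Two points worth noting against the abstract's threat model. First, this buys confidentiality only: the controller device, or anyone on the link, can still replay or substitute ciphertexts, and ct_mul lets an attacker scale a command by any factor it encrypts under the public key, so integrity and freshness need a separate mechanism. Second, the fixed-point scale doubles on every multiplication and division is not homomorphic, so a dynamic controller whose state feeds back into the next step needs the plant side to rescale after each decryption.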


Book ChapterDOI
26 Jan 2015
TL;DR: In this paper, the authors propose an efficient large-universe multi-authority ciphertext-policy attribute-based encryption system, in which any string can be used as an attribute and attributes need not be enumerated during setup.
Abstract: We propose an efficient large-universe multi-authority ciphertext-policy attribute-based encryption system. In a large-universe ABE scheme, any string can be used as an attribute of the system, and these attributes are not necessarily enumerated during setup. In a multi-authority ABE scheme, there is no central authority that distributes the keys to users. Instead, there are several authorities, each of which is responsible for the authorized key distribution of a specific set of attributes. Prior to our work, several schemes have been presented that satisfy one of these two properties but not both.

180 citations


Journal ArticleDOI
TL;DR: A privacy-preserving PHR, which supports fine-grained access control and efficient revocation, and considers the situation that multiple data owners exist, and patient’s PHRs are encrypted and stored in semi-trust servers.
Abstract: Personal health record (PHR) service is an emerging model for health information exchange. In PHR systems, patients' health records and information are maintained by the patients themselves through the Web. In reality, PHRs are often outsourced to be stored at third parties like cloud service providers. However, there have been serious privacy concerns about cloud services, as they may expose users' sensitive data like PHRs to the cloud service providers or to unauthorized users. Using attribute-based encryption (ABE) to encrypt patients' PHRs in a cloud environment, secure and flexible access control can be achieved. Yet, problems like scalability in key management, fine-grained access control, and efficient user revocation remain to be addressed. In this paper, we propose a privacy-preserving PHR scheme which supports fine-grained access control and efficient revocation. To be specific, our scheme achieves the goals of (1) scalable and fine-grained access control for PHRs by using a multi-authority ABE scheme, and (2) efficient on-demand user/attribute revocation and dynamic policy update. In our scheme, we consider the situation that multiple data owners exist, and patients' PHRs are encrypted and stored in semi-trusted servers. The access structure in our scheme is an expressive access tree structure, and the security of our scheme can be reduced to the standard decisional bilinear Diffie–Hellman assumption.

172 citations


Journal ArticleDOI
TL;DR: Two practical large universe CP-ABE systems supporting white-box traceability are proposed and have two advantages: 1) the number of attributes is not polynomially bounded and 2) malicious users who leak their decryption keys could be traced.
Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) enables fine-grained access control to encrypted data for commercial applications. There has been significant progress in CP-ABE over recent years because of two properties called traceability and large universe, which greatly enrich the commercial applications of CP-ABE. Traceability is the ability of ABE to trace the malicious users or traitors who intentionally leak partial or modified decryption keys for profit. Nevertheless, due to the nature of CP-ABE, it is difficult to identify the original key owner from an exposed key, since the decryption privilege is shared by multiple users who have the same attributes. On the other hand, the property of large universe in ABE enlarges the practical applications by supporting a flexible number of attributes. Several systems have been proposed to obtain either of the above properties. However, none of them achieves the two properties simultaneously in practice, which limits the commercial applications of CP-ABE to a certain extent. In this paper, we propose two practical large universe CP-ABE systems supporting white-box traceability. Compared with existing systems, both proposed systems have two advantages: 1) the number of attributes is not polynomially bounded and 2) malicious users who leak their decryption keys can be traced. Moreover, another remarkable advantage of the second proposed system is that the storage overhead for traitor tracing is constant, which makes it suitable for commercial applications.

164 citations


Journal ArticleDOI
TL;DR: A new image encryption concept to transform an original image into a visually meaningful encrypted one is proposed and an example of the implementation of this concept is introduced.

163 citations


Journal ArticleDOI
TL;DR: This paper formalizes a security model of ABE with verifiable outsourced decryption by introducing a verification key in the output of the encryption algorithm, and presents an approach to convert any ABE scheme with outsourced decryption into an ABE scheme with verifiable outsourced decryption, which is simple, general, and almost optimal.
Abstract: Attribute-based encryption (ABE) with outsourced decryption not only enables fine-grained sharing of encrypted data, but also overcomes the efficiency drawback (in terms of ciphertext size and decryption cost) of the standard ABE schemes. In particular, an ABE scheme with outsourced decryption allows a third party (e.g., a cloud server) to transform an ABE ciphertext into a (short) El Gamal-type ciphertext using a public transformation key provided by a user so that the latter can be decrypted much more efficiently than the former by the user. However, a shortcoming of the original outsourced ABE scheme is that the correctness of the cloud server’s transformation cannot be verified by the user. That is, an end user could be cheated into accepting a wrong or maliciously transformed output. In this paper, we first formalize a security model of ABE with verifiable outsourced decryption by introducing a verification key in the output of the encryption algorithm. Then, we present an approach to convert any ABE scheme with outsourced decryption into an ABE scheme with verifiable outsourced decryption. The new approach is simple, general, and almost optimal. Compared with the original outsourced ABE, our verifiable outsourced ABE neither increases the user’s and the cloud server’s computation costs except some nondominant operations (e.g., hash computations), nor expands the ciphertext size except adding a hash value (which is et al .’s ciphertext-policy ABE scheme with outsourced decryption, and provide a detailed performance evaluation to demonstrate the advantages of our approach.

155 citations


Journal ArticleDOI
TL;DR: This paper studies the authorization mechanism for PKEET, proposes four types of authorization policies to enhance the privacy of users' data, and proves the security of the resulting scheme under the computational Diffie–Hellman assumption in the random oracle model.
Abstract: We reformalize and recast the notion of public key encryption with equality test (PKEET), which was proposed in CT-RSA 2010 and supports checking whether two ciphertexts encrypted under different public keys contain the same message. PKEET has many interesting applications, for example, in constructing searchable encryption and partitioning encrypted data. However, the original PKEET scheme lacks an authorization mechanism for a user to control the comparison of its ciphertexts with others'. In this paper, we study the authorization mechanism for PKEET, and propose four types of authorization policies to enhance the privacy of users' data. We give the definitions of the policies, propose a PKEET scheme supporting these four types of authorization at the same time, and prove its security based on the computational Diffie–Hellman assumption in the random oracle model. To the best of our knowledge, it is the only PKEET scheme supporting flexible authorization.

149 citations


Book ChapterDOI
16 Aug 2015
TL;DR: In this article, the authors formally define and give schemes for quantum homomorphic encryption, which is the encryption of quantum information such that quantum computations can be performed given the ciphertext only.
Abstract: Fully homomorphic encryption is an encryption method with the property that any computation on the plaintext can be performed by a party having access to the ciphertext only. Here, we formally define and give schemes for quantum homomorphic encryption, which is the encryption of quantum information such that quantum computations can be performed given the ciphertext only. Our schemes allow for arbitrary Clifford group gates, but become inefficient for circuits with large complexity, measured in terms of the non-Clifford portion of the circuit (we use the “\(\pi /8\)” non-Clifford group gate, also known as the \(\mathsf{T}\)-gate).

141 citations


Journal ArticleDOI
TL;DR: A privacy-preserving decentralized CP-ABE (PPDCP-ABE) is proposed to reduce the trust on the central authority and protect users' privacy, such that both the identifiers and the attributes of a user are hidden from the authorities.
Abstract: In previous privacy-preserving multiauthority attribute-based encryption (PPMA-ABE) schemes, a user can acquire secret keys from multiple authorities, but the authorities learn his/her attributes and, furthermore, a central authority is required. Notably, a user's identity information can be extracted from some of his/her sensitive attributes. Hence, existing PPMA-ABE schemes cannot fully protect users' privacy, as multiple authorities can collaborate to identify a user by collecting and analyzing his attributes. Moreover, ciphertext-policy ABE (CP-ABE) is a more efficient public-key encryption, where the encryptor can select flexible access structures to encrypt messages. Therefore, a challenging and important task is to construct a PPMA-ABE scheme in which there is no need for a central authority and, furthermore, both the identifiers and the attributes are hidden from the authorities. In this paper, a privacy-preserving decentralized CP-ABE (PPDCP-ABE) is proposed to reduce the trust on the central authority and protect users' privacy. In our PPDCP-ABE scheme, each authority can work independently, without any collaboration, to initialize the system and issue secret keys to users. Furthermore, a user can obtain secret keys from multiple authorities without them knowing anything about his global identifier and attributes.

Journal ArticleDOI
TL;DR: This paper presents a semianonymous privilege control scheme, AnonyControl, which decentralizes the central authority to limit identity leakage and thus achieves semianonymity, and also generalizes file access control to privilege control, by which the privileges of all operations on the cloud data can be managed in a fine-grained manner.
Abstract: Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand, and low-cost usage of computing resources, but the data is outsourced to cloud servers, and various privacy concerns emerge from this. Various schemes based on attribute-based encryption have been proposed to secure cloud storage. However, most work focuses on data content privacy and access control, while less attention is paid to privilege control and identity privacy. In this paper, we present a semianonymous privilege control scheme, AnonyControl, to address not only data privacy but also user identity privacy in existing access control schemes. AnonyControl decentralizes the central authority to limit identity leakage and thus achieves semianonymity. Besides, it also generalizes file access control to privilege control, by which the privileges of all operations on the cloud data can be managed in a fine-grained manner. Subsequently, we present AnonyControl-F, which fully prevents identity leakage and achieves full anonymity. Our security analysis shows that both AnonyControl and AnonyControl-F are secure under the decisional bilinear Diffie–Hellman assumption, and our performance evaluation exhibits the feasibility of our schemes.

Journal ArticleDOI
01 Nov 2015
TL;DR: A new ciphertext-policy attribute-based proxy re-encryption scheme is proposed and proved adaptively chosen-ciphertext secure in the standard model by combining dual system encryption with the selective proof technique, without jeopardizing the expressiveness of the access policy.
Abstract: Proxy Re-Encryption (PRE) is a useful cryptographic primitive that allows a data owner to delegate the access rights of encrypted data stored on a cloud storage system to others without leaking the information of the data to the honest-but-curious cloud server. It is effective for data sharing because the data owner, even one using resource-limited devices (e.g. mobile devices), can offload most of the computational operations to the cloud. Since its introduction many variants of PRE have been proposed. Ciphertext-Policy Attribute-Based Proxy Re-Encryption (CP-ABPRE), which is regarded as a general notion of PRE, employs the PRE technology in the attribute-based encryption setting such that the proxy is allowed to convert an encryption under an access policy to another encryption under a new access policy. CP-ABPRE is applicable to many network applications, such as network data sharing. The existing CP-ABPRE systems, however, leave how to achieve adaptive CCA security as an interesting open problem. This paper, for the first time, proposes a new CP-ABPRE to tackle the problem by integrating the dual system encryption technology with the selective proof technique. Although the new scheme, which supports any monotonic access structure, is built in composite-order bilinear groups, it is proven adaptively CCA secure in the standard model without jeopardizing the expressiveness of the access policy. We further improve the scheme to achieve more efficiency in the re-encryption key generation and re-encryption phases. Highlights: This paper proposes a new Ciphertext-Policy Attribute-Based Proxy Re-Encryption scheme. The scheme is proved adaptively chosen-ciphertext secure by leveraging dual system encryption technology and the selective proof technique. The paper also proposes an improvement for the re-encryption key generation and re-encryption phases so as to reduce computational and communication cost.

Proceedings ArticleDOI
17 May 2015
TL;DR: Puncturable encryption is introduced, a new form of encryption that recipients may repeatedly update their decryption keys to revoke decryption capability for selected messages, recipients or time periods, and does not require the recipients to communicate with or distribute new key material to senders.
Abstract: In this paper we investigate new mechanisms for achieving forward secure encryption in store-and-forward messaging systems such as email and SMS. In a forward secure encryption scheme, a user periodically updates her secret key so that past messages remain confidential in the event that her key is compromised. A primary contribution of our work is to introduce a new form of encryption that we name puncturable encryption. Using a puncturable encryption scheme, recipients may repeatedly update their decryption keys to revoke decryption capability for selected messages, recipients or time periods. Most importantly, this update process does not require the recipients to communicate with or distribute new key material to senders. We show how to combine puncturable encryption with the forward-secure public key encryption proposal of Canetti et al. to achieve practical forward-secure messaging with low overhead. We implement our schemes and provide experimental evidence that the new constructions are practical.

Journal ArticleDOI
TL;DR: This paper proposes a more efficient and generic construction of ABE with verifiable outsourced decryption based on an attribute-based key encapsulation mechanism, a symmetric-key encryption scheme and a commitment scheme and proves the security and the verification soundness of the constructed ABE scheme in the standard model.
Abstract: Attribute-based encryption (ABE) is a promising technique for fine-grained access control of encrypted data in cloud storage; however, the decryption involved in ABE is usually too expensive for resource-constrained front-end users, which greatly hinders its practical popularity. In order to reduce the decryption overhead for a user to recover the plaintext, Green et al. suggested outsourcing the majority of the decryption work without revealing the actual data or private keys. To ensure that the third-party service honestly computes the outsourced work, Lai et al. added a verifiability requirement to the decryption of ABE, but their scheme doubled the size of the underlying ABE ciphertext and the computation costs. Roughly speaking, their main idea is to use a parallel encryption technique, where one of the encryption components is used for verification. Hence, the bandwidth and the computation cost are doubled. In this paper, we investigate the same problem. In particular, we propose a more efficient and generic construction of ABE with verifiable outsourced decryption based on an attribute-based key encapsulation mechanism, a symmetric-key encryption scheme and a commitment scheme. Then, we prove the security and the verification soundness of our constructed ABE scheme in the standard model. Finally, we instantiate our scheme with concrete building blocks. Compared with Lai et al.'s scheme, our scheme reduces the bandwidth and the computation costs almost by half.

Journal ArticleDOI
TL;DR: A symmetric digital image encryption algorithm based on a new improper fractional-order chaotic system is proposed; it is shown to be effective and efficient, and its key space is large enough to resist any brute-force attack.
Abstract: Based on the features of digital image encryption and high-dimensional chaotic sequences, the paper proposes a symmetric digital image encryption algorithm using a new improper fractional-order chaotic system. The initial conditions, parameters and fractional orders of the chaotic system depend on the gray values of all pixels and are used as the secret key. Therefore, the total key length is large enough to resist any brute-force attack. The original image is divided into four parts, each encrypted by a different encryption formula. Theoretical analysis shows that the proposed encryption scheme is effective and efficient.

Journal ArticleDOI
Guomin Zhou, Daxing Zhang, Yanjian Liu, Ying Yuan, Qiang Liu
TL;DR: A novel symmetrical image encryption algorithm based on skew tent map is proposed, suitable for encryption of any size of image and realizes fast encryption and decryption of both gray-scale image and color image.

Proceedings ArticleDOI
12 Oct 2015
TL;DR: In this paper, the authors proposed graph encryption schemes that efficiently support approximate shortest distance queries on large-scale encrypted graphs, including three oracle encryption schemes, which are provably secure against any semi-honest server.
Abstract: We propose graph encryption schemes that efficiently support approximate shortest distance queries on large-scale encrypted graphs. Shortest distance queries are one of the most fundamental graph operations and have a wide range of applications. Using such graph encryption schemes, a client can outsource large-scale privacy-sensitive graphs to an untrusted server without losing the ability to query it. Other applications include encrypted graph databases and controlled disclosure systems. We propose GRECS (stands for GRaph EnCryption for approximate Shortest distance queries) which includes three oracle encryption schemes that are provably secure against any semi-honest server. Our first construction makes use of only symmetric-key operations, resulting in a computationally-efficient construction. Our second scheme makes use of somewhat-homomorphic encryption and is less computationally-efficient but achieves optimal communication complexity (i.e. uses a minimal amount of bandwidth). Finally, our third scheme is both computationally-efficient and achieves optimal communication complexity at the cost of a small amount of additional leakage. We implemented and evaluated the efficiency of our constructions experimentally. The experiments demonstrate that our schemes are efficient and can be applied to graphs that scale up to 1.6 million nodes and 11 million edges.
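The outsourcing pattern the abstract describes, as an added example in Python that is mine and not the authors' GRECS code: a landmark-sketch distance oracle (each node stores its nearest landmark and the distance, per landmark set) is encrypted node by node under PRF-derived keys, the server does nothing but token lookups, and the client decrypts the two sketches and takes the cheapest landmark both share. Assumptions: the eight-node graph and the landmark sets are constructed; the PRF is HMAC-SHA256; the "encryption" is an unauthenticated SHA-256 counter-mode keystream chosen only to keep the block dependency-free, and sketches are padded to a fixed number of entries so the server cannot distinguish nodes by sketch size.

```python
import hashlib
import hmac
import json
import secrets
from collections import deque

# Constructed toy graph (undirected, unweighted) and landmark sets; the
# sketch of a node records its nearest landmark in each set.
GRAPH = {
    "a": ["b"], "b": ["a", "c"], "c": ["b", "d", "g"], "d": ["c", "e"],
    "e": ["d", "f"], "f": ["e"], "g": ["c", "h"], "h": ["g"],
}
SEED_SETS = [["c"], ["a", "e"], ["b", "h", "f"]]


def bfs_distances(graph, source):
    """Hop distances from source to every reachable node."""
    dist, queue = {source: 0}, deque([source])
    while queue:
        u = queue.popleft()
        for v in graph[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist


def build_sketches(graph, seed_sets):
    """Plaintext distance oracle: per node, (nearest landmark, distance) per set."""
    sketches = {}
    for v in graph:
        dist = bfs_distances(graph, v)
        entries = []
        for seeds in seed_sets:
            reachable = [(dist[w], w) for w in seeds if w in dist]
            if reachable:
                d, w = min(reachable)
                entries.append((w, d))
        sketches[v] = entries
    return sketches


def approx_distance(sk_u, sk_v):
    """Cheapest route via a landmark that both sketches share (inf if none)."""
    dv = dict(sk_v)
    cands = [d + dv[w] for w, d in sk_u if w in dv]
    return min(cands) if cands else float("inf")


def _prf(key, label, node):
    return hmac.new(key, label + b"|" + node.encode(), hashlib.sha256).digest()


def _keystream_xor(key, nonce, data):
    """SHA-256 counter-mode keystream XOR (unauthenticated; illustration only)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + (i // 32).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def encrypt_oracle(master_key, sketches, pad_to):
    """Client: encrypted dictionary  PRF_K(node) -> Enc_{K_node}(padded sketch)."""
    eds = {}
    for v, sk in sketches.items():
        padded = sk + [["", -1]] * (pad_to - len(sk))   # hide sketch sizes
        nonce = secrets.token_bytes(16)
        body = _keystream_xor(_prf(master_key, b"enc", v), nonce, json.dumps(padded).encode())
        eds[_prf(master_key, b"tok", v).hex()] = nonce + body
    return eds


def server_lookup(eds, token):
    """Server: a dictionary lookup; it never sees node names, keys or distances."""
    return eds.get(token)


def client_query(master_key, eds, u, v):
    """Client: two tokens out, two blobs back, decrypt locally, combine sketches."""
    sks = []
    for node in (u, v):
        blob = server_lookup(eds, _prf(master_key, b"tok", node).hex())
        if blob is None:
            raise KeyError(f"no sketch stored for {node!r}")
        entries = json.loads(_keystream_xor(_prf(master_key, b"enc", node), blob[:16], blob[16:]))
        sks.append([(w, d) for w, d in entries if d >= 0])   # drop padding
    return approx_distance(*sks)


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    eds = encrypt_oracle(key, build_sketches(GRAPH, SEED_SETS), len(SEED_SETS))
    print(client_query(key, eds, "a", "f"))   # 5
```

What the semi-honest server still learns here is exactly the kind of leakage the abstract's security notion has to capture: the number of nodes, the (padded) blob size, and the query pattern, i.e. which two tokens were requested and whether a token repeats across queries. The answer is an upper bound on the true distance (a real path through a shared landmark), which is why the test checks it against the plaintext oracle rather than demanding exactness.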

Journal ArticleDOI
TL;DR: A privacy-preserving ciphertext multi-sharing mechanism is proposed that combines the merits of proxy re-encryption with an anonymity technique, so that a ciphertext can be securely and conditionally shared multiple times without leaking either knowledge of the underlying message or the identity information of ciphertext senders/recipients.
Abstract: The need for a secure big data storage service is greater than ever. The basic requirement of the service is to guarantee the confidentiality of the data. However, the anonymity of the service clients, one of the most essential aspects of privacy, should be considered simultaneously. Moreover, the service should also provide practical and fine-grained encrypted data sharing, such that a data owner is allowed to share a ciphertext among others under some specified conditions. This paper, for the first time, proposes a privacy-preserving ciphertext multi-sharing mechanism to achieve the above properties. It combines the merits of proxy re-encryption with an anonymity technique, so that a ciphertext can be securely and conditionally shared multiple times without leaking either knowledge of the underlying message or the identity information of ciphertext senders/recipients. Furthermore, this paper shows that the new primitive is secure against chosen-ciphertext attacks in the standard model.

Posted Content
TL;DR: A new generic framework for achieving fully secure attribute based encryption (ABE) in prime-order bilinear groups is proposed and the first generic implication from ABE for monotone span programs to ABE for branching programs is established.
Abstract: We propose a new generic framework for achieving fully secure attribute based encryption (ABE) in prime-order bilinear groups. It is generic in the sense that it can be applied to ABE for an arbitrary predicate. All previously available frameworks that are generic in this sense are given only in composite-order bilinear groups, whose operations are known to be much less efficient than in prime-order ones for the same security level. These consist of the frameworks by Wee (TCC'14) and Attrapadung (Eurocrypt'14). Both provide abstractions of the dual-system encryption techniques introduced by Waters (Crypto'09). Our framework can be considered as a prime-order version of Attrapadung's framework and works in a similar manner: it relies on a main component called pair encodings, and it generically compiles any secure pair encoding scheme for the predicate in consideration into a fully secure ABE scheme for that predicate. One feature of our new compiler is that although the resulting ABE schemes are newly defined in prime-order groups, we require essentially the same security notions of pair encodings as before. Beside the security of pair encodings, our framework assumes only the Matrix Diffie-Hellman assumption (Escala et al., Crypto'13), which is a weak assumption that includes the Decisional Linear assumption as a special case. As for its applications, we can plug in available pair encoding schemes and automatically obtain the first fully secure ABE realizations in prime-order groups for predicates for which only fully secure schemes in composite-order groups were known. These include ABE for regular languages, ABE for monotone span programs (and hence Boolean formulae) with short ciphertexts or keys, and completely unbounded ABE for monotone span programs. As a side result, we establish the first generic implication from ABE for monotone span programs to ABE for branching programs. This implies fully-secure ABE for branching programs in some new variants, namely, unbounded, short-ciphertext, and short-key. Previous schemes are bounded and require linear-size ciphertexts and keys.

Journal ArticleDOI
01 Jun 2015
TL;DR: It is proved security of the substring-searchable encryption scheme against malicious adversaries, where the query protocol leaks limited information about memory access patterns through the suffix tree of the encrypted string.
Abstract: In this paper, we consider a setting where a client wants to outsource storage of a large amount of private data and then perform substring search queries on the data – given a data string s and a search string p, find all occurrences of p as a substring of s. First, we formalize an encryption paradigm that we call queryable encryption, which generalizes searchable symmetric encryption (SSE) and structured encryption. Then, we construct a queryable encryption scheme for substring queries. Our construction uses suffix trees and achieves asymptotic efficiency comparable to that of unencrypted suffix trees. Encryption of a string of length n takes O(λn) time and produces a ciphertext of size O(λn), and querying for a substring of length m that occurs k times takes O(λm + k) time and three rounds of communication. Our security definition guarantees correctness of query results and privacy of data and queries against a malicious adversary. Following the line of work started by Curtmola et al. (ACM CCS 2006), in order to construct more efficient schemes we allow the query protocol to leak some limited information that is captured precisely in the definition. We prove security of our substring-searchable encryption scheme against malicious adversaries, where the query protocol leaks limited information about memory access patterns through the suffix tree of the encrypted string.

Journal ArticleDOI
TL;DR: An improvement of the hyper-chaos-based image encryption scheme is proposed to fix the weakness not only in Gao and Chen's scheme but also in Rhouma and Belghith's modified approach.
Abstract: As chaos-based image encryption has developed, its security has come to rely on two operations, permutation and diffusion. Some existing schemes in the literature are broken due to the failed design of either permutation or diffusion. An image encryption scheme based on hyper-chaos, proposed by Gao and Chen, has undergone scrutiny from the research community and security weaknesses have been found. Its improvement by Rhouma and Belghith needs to be carefully examined. This paper points out that both of them suffer from the problem of low security-sensitivity to plain-image change. Thus, attackers can predict the order of the permutation, and the security of the cryptosystem relies only on the diffusion operation. This implies that the security level is potentially degraded. In this paper, an improvement of the hyper-chaos-based image encryption scheme is proposed to fix the weakness not only in Gao and Chen's scheme but also in Rhouma and Belghith's modified approach. Highlights: Two image encryption schemes suffer from the problem of low security-sensitivity. An improvement is proposed to fix the weakness found. Confusion and diffusion are enhanced such that the attacks become infeasible.


Proceedings ArticleDOI
09 Mar 2015
TL;DR: This paper presents the new state of the art in efficient software implementations of a post-quantum secure public-key encryption scheme based on the ring-LWE problem using a 32-bit ARM Cortex-M4F microcontroller as the target platform and shows that the scheme beats ECC-based public- key encryption schemes by at least one order of magnitude.
Abstract: Present-day public-key cryptosystems such as RSA and Elliptic Curve Cryptography (ECC) will become insecure when quantum computers become a reality. This paper presents the new state of the art in efficient software implementations of a post-quantum secure public-key encryption scheme based on the ring-LWE problem. We use a 32-bit ARM Cortex-M4F microcontroller as the target platform. Our contribution includes optimization techniques for fast discrete Gaussian sampling and efficient polynomial multiplication. Our implementation beats all known software implementations of ring-LWE encryption by a factor of at least 7. We further show that our scheme beats ECC-based public-key encryption schemes by at least one order of magnitude. At medium-term security we require 121 166 cycles per encryption and 43 324 cycles per decryption, while at a long-term security we require 261 939 cycles per encryption and 96 520 cycles per decryption. Gaussian sampling is done at an average of 28.5 cycles per sample.

Journal ArticleDOI
TL;DR: This paper proposes a new user access control scheme with attribute-based encryption using elliptic curve cryptography in hierarchical WSNs and demonstrates that the scheme has the ability to tolerate different known attacks required for a users' access control designed for W SNs.
Abstract: For critical applications, real-time data access is essential from the nodes inside a wireless sensor network (WSN). Only the authorized users with unique access privilege should access the specific, but not all, sensing information gathered by the cluster heads in a hierarchical WSN. Access rights for the correct information and resources for different services from the cluster heads to the genuine users can be provided with the help of efficient user access control mechanisms. In this paper, we propose a new user access control scheme with attribute-based encryption using elliptic curve cryptography in hierarchical WSNs. In attribute-based encryption, the ciphertexts are labeled with sets of attributes and the secret keys of the users are associated with their own access structures. The authorized users with the relevant set of attributes are able to decrypt the encrypted message coming from the cluster heads. Our scheme provides high security. Moreover, our scheme is efficient as compared with other existing user access control schemes. Through both formal and informal security analysis, we show that our scheme has the ability to tolerate different known attacks required for a user access control designed for WSNs. Furthermore, we simulate our scheme for formal security verification using the widely-accepted Automated Validation of Internet Security Protocols and Applications tool. The simulation results demonstrate that our scheme is secure. Copyright © 2014 John Wiley & Sons, Ltd.

Book ChapterDOI
29 Jun 2015
TL;DR: This paper proposes a new PEKS framework named Dual-Server Public Key Encryption with Keyword Search (DS-PEKS), which can withstand all the attacks, including the KGA from the two untrusted servers, as long as they do not collude.
Abstract: Public Key Encryption with Keyword Search (PEKS), introduced by Boneh et al. in Eurocrypt'04, allows users to search encrypted documents on an untrusted server without revealing any information. This notion is very useful in many applications and has attracted a lot of attention from the cryptographic research community. However, one limitation of all the existing PEKS schemes is that they cannot resist the Keyword Guessing Attack (KGA) launched by a malicious server. In this paper, we propose a new PEKS framework named Dual-Server Public Key Encryption with Keyword Search (DS-PEKS). This new framework can withstand all the attacks, including the KGA from the two untrusted servers, as long as they do not collude. We then present a generic construction of DS-PEKS using a new variant of the Smooth Projective Hash Functions (SPHFs), which is of independent interest.

Journal ArticleDOI
TL;DR: This paper proposes a novel ABE variant, dubbed directly revocable key-policy ABE with verifiable ciphertext delegation (drvuKPABE), which supports direct revocation and verifiable ciphertext delegation and attains the security properties under the (d + 3)-Multilinear Decisional Diffie-Hellman assumption in the random oracle model.

Proceedings ArticleDOI
24 Aug 2015
TL;DR: A white-box traceable and revocable multi-authority attribute-based encryption named TR-MABE is proposed to efficiently achieve multilevel privacy preservation without introducing additional special signatures and can efficiently prevent secondary physicians from knowing the patients' identity.
Abstract: Cloud-assisted e-healthcare systems significantly facilitate the patients to outsource their personal health information (PHI) for medical treatment of high quality and efficiency. Unfortunately, a series of unaddressed security and privacy issues dramatically impede its practicability and popularity. In e-healthcare systems, it is expected that only the primary physicians responsible for the patients' treatment can not only access the PHI content but also verify the real identity of the patient. Secondary physicians participating in medical consultation and/or research tasks, however, are only permitted to view or use the content of the protected PHI, while unauthorized entities cannot obtain anything. Existing work mainly focuses on patients' conditional identity privacy by exploiting group signatures, which are very computationally costly. In this paper, we propose a white-box traceable and revocable multi-authority attribute-based encryption named TR-MABE to efficiently achieve multilevel privacy preservation without introducing additional special signatures. It can efficiently prevent secondary physicians from knowing the patients' identity. Also, it can efficiently track the physicians who leak secret keys used to protect patients' identity and PHI. Finally, formal security proof and extensive simulations demonstrate the effectiveness and practicability of our proposed TR-MABE in e-healthcare cloud computing systems.

Proceedings ArticleDOI
18 May 2015
TL;DR: This paper implemented AndrABEn, an ABE library for the Android operating system, which implements two main ABE schemes: Ciphertext-Policy Attribute-Based Encryption and Key-Policy Attribute-Based Encryption, confirming the possibility to effectively use ABE on smartphone devices.
Abstract: Attribute-Based Encryption (ABE) is a powerful cryptographic tool that allows fine-grained access control over data. Due to its features, ABE has been adopted in several applications, such as encrypted storage or access control systems. Recently, researchers argued about the unacceptable performance of ABE when implemented on mobile devices. Indeed, the non-feasibility of ABE on mobile devices would hinder the deployment of novel protocols and services that could instead exploit the full potential of such devices. However, we believe the conclusion of non-usability was driven by a not-very-efficient implementation. In this paper, we want to shine a light on this concern by studying the feasibility of applying ABE on smartphone devices. In particular, we implemented AndrABEn, an ABE library for the Android operating system. Our library is written in the C language and implements two main ABE schemes: Ciphertext-Policy Attribute-Based Encryption and Key-Policy Attribute-Based Encryption. We also ran a thorough set of experimental evaluations for AndrABEn, and compared it with the current state of the art (considering the same experimental setting). The results confirm the possibility to effectively use ABE on smartphone devices, requiring an acceptable amount of resources in terms of computation and energy consumption. Since the current state of the art claims the non-feasibility of ABE on mobile devices, we believe that our study (together with the AndrABEn library that we made available online) is a key result that will pave the way for researchers and developers to design and implement novel protocols and applications for mobile devices.

Journal ArticleDOI
TL;DR: This paper presents a new ABE scheme called attribute-based encryption with attribute hierarchies (ABE-AH) to provide an efficient approach to implement comparison operations between attribute values on a poset derived from an attribute lattice and presents a practical construction of ABE-AH based on forward and backward derivation functions.
Abstract: This paper addresses how to construct an RBAC-compatible secure cloud storage service with a user-friendly and easy-to-manage attribute-based access control (ABAC) mechanism. Similar to role hierarchies in RBAC, attribute hierarchies (considered as partial ordering relations) are introduced into attribute-based encryption (ABE) in order to define a seniority relation among all values of an attribute, whereby a user holding senior attribute values acquires permissions of his/her juniors. Based on these notations, we present a new ABE scheme called attribute-based encryption with attribute hierarchies (ABE-AH) to provide an efficient approach to implement comparison operations between attribute values on a poset derived from an attribute lattice. By using bilinear groups of a composite order, we present a practical construction of ABE-AH based on forward and backward derivation functions. Compared with prior solutions, our scheme offers a compact policy representation approach that can significantly reduce the size of private-keys and ciphertexts. To demonstrate how to use the presented solution, we illustrate how to provide richer expressive access policies to facilitate flexible access control for data access services in clouds.