
Showing papers on "Attribute-based encryption published in 2020"


Journal ArticleDOI
TL;DR: ABEM-POD has been applied to three representative ABE schemes, and the experiments show that the proposed ABEM-POD is efficient and easy to use and can significantly improve the speed of outsourced decryption to address the response time requirement for edge intelligent IoV.
Abstract: Edge intelligence is an emerging concept referring to processes in which data are collected and analyzed and insights are delivered close to where the data are captured in a network using a selection of advanced intelligent technologies. As a promising solution to solve the problems of insufficient computing capacity and transmission latency, the edge intelligence-empowered Internet of Vehicles (IoV) is being widely investigated in both academia and industry. However, data sharing security in edge intelligent IoV is a challenge that should be solved with priority. Although attribute-based encryption (ABE) is capable of addressing this challenge, many time-consuming modular exponential operations and bilinear pair operations as well as serial computing cause ABE to have a slow decryption speed. Consequently, it cannot address the response time requirement of edge intelligent IoV. Given this problem, an ABE model with parallel outsourced decryption for edge intelligent IoV, called ABEM-POD, is proposed. It includes a generic parallel outsourced decryption method for ABE based on Spark and MapReduce. This method is applicable to all ABE schemes with a tree access structure and can be applied to edge intelligent IoV. Any ABE scheme based on the proposed model not only supports parallel outsourced decryption but also has the same security as the original scheme. In this paper, ABEM-POD has been applied to three representative ABE schemes, and the experiments show that the proposed ABEM-POD is efficient and easy to use. This approach can significantly improve the speed of outsourced decryption to address the response time requirement for edge intelligent IoV.

179 citations


Journal ArticleDOI
TL;DR: An ABE scheme with verifiable outsourced decryption is proposed, which can simultaneously check the correctness for transformed ciphertext for the authorized users and unauthorized users and is proved to be selective CPA-secure in the standard model.
Abstract: Attribute based encryption (ABE) is a popular cryptographic technology to protect the security of users’ data. However, the decryption cost and ciphertext size restrict the application of ABE in practice. For most existing ABE schemes, the decryption cost and ciphertext size grow linearly with the complexity of access structure. This is undesirable to the devices with limited computing capability and storage space. Outsourced decryption is considered as a feasible method to reduce the user's decryption overhead, which enables a user to outsource a large number of decryption operations to the cloud service provider (CSP). However, outsourced decryption cannot guarantee the correctness of transformation done by the cloud, so it is necessary to check the correctness of outsourced decryption to ensure security for users’ data. Current research mainly focuses on verifiability of outsourced decryption for the authorized users. It still remains a challenging issue how to guarantee the correctness of outsourced decryption for unauthorized users. In this paper, we propose an ABE scheme with verifiable outsourced decryption (called full verifiability for outsourced decryption), which can simultaneously check the correctness for transformed ciphertext for the authorized users and unauthorized users. The proposed ABE scheme with verifiable outsourced decryption is proved to be selective CPA-secure in the standard model.

126 citations


Book ChapterDOI
01 Jan 2020
TL;DR: In proposed model, an improved concept has been implemented and the integration of cloud and Big data is achieved and the accountability for the data access has also been implemented.
Abstract: The Big data and cloud integration is a challenging task. To enhance the data security issues, ABE can be deployed. In proposed model, an improved concept has been implemented and the integration of cloud and Big data is achieved. Security is the major threat for cloud computing applications. Every user has to feed user name, password, and primary key for Data access into the cloud data center. Data owner generates a new key to the users for accessing the data. Policy updating is also implemented in the proposed system, that is the accountability for the data access has also been implemented. In case of the change of policy, the altered data stored in the cloud is not affected. In addition to that, admin generates policy key based on the user’s profile. If any user tries to misbehave, an immediate alert is sent to the data owner. Data owner can change the policy key and access policy in the run time. Our system should be able to update its policy automatically.

94 citations


Journal ArticleDOI
TL;DR: A new, secure, and efficient scheme based on blockchain technology and attribute-based encryption entitled “MedSBA” to record and store medical data is provided, indicating that the proposed scheme protects user privacy and allows fine-grain access control of medical patient data based on General Data Protection Regulation (GDPR).
Abstract: The development of Electronic Information Technology has made the Electronic Medical Record a commonly used approach to recording and categorizing medical patient data in databases of different hospitals and medical entities so that controlling the shared data is not possible for patients at all. The importance of medical data as possessions of people and the system leads us to be concerned about its security, privacy, and accessibility. How to store and control access to medical information is one of the most important challenges in the electronic health area. The present paper provides a new, secure, and efficient scheme based on blockchain technology and attribute-based encryption entitled “MedSBA” to record and store medical data, indicating that our proposed scheme protects user privacy and allows fine-grain access control of medical patient data based on General Data Protection Regulation (GDPR). Private blockchains are used in MedSBA to improve the right to revoke instant access which is one of the attribute-based encryption challenges. The security and functionality of our proposed scheme are proved within a formal model and based on BAN logic, respectively; simulating the MedSBA scheme in the OPNET software as well as examining its computational complexity and storage indicates the efficiency of the present scheme.

94 citations


Journal ArticleDOI
TL;DR: Wang et al. as mentioned in this paper proposed a ciphertext-policy attribute-based encryption (CP-ABE) scheme that enables fine-grained access control of encrypted IoT data on cloud.
Abstract: The pervasive, ubiquitous, and heterogeneous properties of IoT make securing IoT systems a very challenging task. More so when access and storage are performed through a cloud-based IoT system. IoT data stored on cloud should be encrypted to ensure data privacy. It is also crucial to allow only authorized entities to access and decrypt the encrypted data. In this work, we propose a ciphertext-policy attribute-based encryption (CP-ABE) scheme that enables fine-grained access control of encrypted IoT data on cloud. CP-ABE is regarded as a highly promising approach to provide flexible and fine-grained access control, which is very much suited to secure cloud based IoT systems. We first present an access control system model of CloudIoT platform by using ABE. Based on the presented system model, we construct a ciphertext-policy hiding CP-ABE scheme, which guarantees the privacy of the users. We further construct a white-box traceable CP-ABE scheme with accountability in order to address the user key abuse and authorization center key abuse. Experiment illustrates the proposed systems are efficient.

92 citations


Journal ArticleDOI
TL;DR: In this paper, a CP-ABE scheme that realizes revocation, white-box traceability, and the application of hidden policy is proposed, and such ciphertext is composed of two parts.
Abstract: Considered as a promising fine-grained access control mechanism for data sharing without a centralized trusted third-party, the access policy in a plaintext form may reveal sensitive information in the traditional CP-ABE method. To address this issue, a hidden policy needs to be applied to the CP-ABE scheme, as the identity of a user cannot be accurately confirmed when the decryption key is leaked, so the malicious user is traced and revoked as demanded. In this paper, a CP-ABE scheme that realizes revocation, white-box traceability, and the application of hidden policy is proposed, and such ciphertext is composed of two parts. One is related to the access policy encrypted by the attribute value, and only the attribute name is evident in the access policy. Another is related to the revocation information and updated when revoking, where the revocation information is generated by the binary tree related to users. The leaf node value of a binary tree in the decryption key is used to trace the malicious user. From experimental results, it is shown that the proposed scheme is proven to be IND-CPA secure under the chosen plaintext attacks and selective access policy based on the decisional q-BDHE assumption in the standard model, efficient, and promising.

87 citations


Journal ArticleDOI
TL;DR: A blockchain-aided searchable attribute-based encryption (BC-SABE) with efficient revocation and decryption, where the traditional centralized server is replaced with a decentralized blockchain system being in charge of the threshold parameter generation, key management, and user revocation.
Abstract: The Internet of Things (IoT) changed our lives with huge amounts of data production. Due to source-limited IoT devices, one of the best ways to process the data is cloud storage. However, a series of security and privacy issues arise, such as illegal data access, data tampering, and privacy leak. Though symmetric encryption can guarantee data confidentiality, it cannot realize fine-grained data sharing and searching. The keyword-based searchable attribute-based encryption (KSABE) can achieve data confidentiality and fine-grained access control. More importantly, it realizes a keyword-based search for data users. However, the heavy decryption computation burden and the management of massive user keys appear when implementing attribute-based encryption schemes to IoT. Therefore, this article proposes a blockchain-aided searchable attribute-based encryption (BC-SABE) with efficient revocation and decryption, where the traditional centralized server is replaced with a decentralized blockchain system being in charge of the threshold parameter generation, key management, and user revocation. All revocation tasks are done by the blockchain and it is no longer necessary for ciphertext reencryption and key update. Moreover, users utilize the coalition blockchain to generate partial tokens. Besides, the cloud server contained in our scheme not only stores the massive encrypted data but also performs search and predecryption for users who only require one exponentiation in the group $\mathbb{G}$ to decrypt fully. Security analyses prove that our scheme realizes the security under the chosen plaintext attack and the chosen keyword attack. Simulations show that the decryption and token generation cost of our scheme are preferable.

70 citations


Journal ArticleDOI
TL;DR: This paper proposes a privacy-preserving data processing scheme with flexible access control based on Paillier's partial homomorphic encryption (PHE), and proves the security of the scheme and its efficiency and advantages through simulations and comparisons with existing work.
Abstract: Cloud computing provides an efficient and convenient platform for cloud users to store, process and control their data. Cloud overcomes the bottlenecks of resource-constrained user devices and greatly releases their storage and computing burdens. However, due to the lack of full trust in cloud service providers, the cloud users generally prefer to outsource their sensitive data in an encrypted form, which, however, seriously complicates data processing, analysis, as well as access control. Homomorphic encryption (HE) as a single key system cannot flexibly control data sharing and access after encrypted data processing. How to realize various computations over encrypted data in an efficient way and at the same time flexibly control the access to data processing results has been an important challenging issue. In this paper, we propose a privacy-preserving data processing scheme with flexible access control. With the cooperation of a data service provider (DSP) and a computation party (CP), our scheme, based on Paillier's partial homomorphic encryption (PHE), realizes seven basic operations, i.e., Addition, Subtraction, Multiplication, Sign Acquisition, Absolute, Comparison, and Equality Test, over outsourced encrypted data. In addition, our scheme, based on the homomorphism of attribute-based encryption (ABE), is also designed to support flexible access control over processing results of encrypted data. We further prove the security of our scheme and demonstrate its efficiency and advantages through simulations and comparisons with existing work.

69 citations


Journal ArticleDOI
TL;DR: This work proposes a decentralized attribute based encryption (ABE) scheme with fast encryption, outsourced decryption and user revocation, which significantly reduces computation times for both data owners and data users and is highly suitable for use in mobile devices.
Abstract: Fine grained access control is a requirement for data stored in untrusted servers like clouds. Owing to the large volume of data, decentralized key management schemes are preferred over centralized ones. Often encryption and decryption are quite expensive and not practical when users access data from resource constrained devices. We propose a decentralized attribute based encryption (ABE) scheme with fast encryption, outsourced decryption and user revocation. Our scheme is very specific to the context of mobile cloud as the storage of encrypted data and the partial decryption of ciphertexts are dependent on the cloud and users with mobile devices can upload data to the cloud or access data from it by incurring very little cost for encryption and decryption respectively. The main idea is to divide the encryption into two phases, offline preprocessing phase which is done when the device is otherwise not in use and an online phase when the data is actually encrypted with the policy. This makes encryption faster and more efficient than existing decentralized ABE schemes. For decryption outsourcing, data users need to generate a transformed version of the decryption key allowing an untrusted proxy server to partially decrypt the ciphertext without gaining any information about the plaintext. Data users can then fully decrypt the partially decrypted ciphertext without performing any costly pairing operations. We also introduce user revocation in this scheme without incurring too much additional cost in the online phase. Comparison with other ABE schemes shows that our scheme significantly reduces computation times for both data owners and data users and is highly suitable for use in mobile devices.

58 citations


Journal ArticleDOI
TL;DR: A secure authentication protocol for a cloud-assisted TMIS with access control using blockchain is proposed and it is shown that the proposed protocol provides more security and has better efficiency compared to related protocols.
Abstract: Telecare medical information system (TMIS) implemented in wireless body area network (WBAN) is convenient and time-saving for patients and doctors. TMIS is realized using wearable devices worn by a patient, and wearable devices generate patient health data and transmit them to a server through a public channel. Unfortunately, a malicious attacker can attempt performing various attacks through such a channel. Therefore, establishing a secure authentication process between a patient and a server is essential. Moreover, wearable devices have limited storage power. Cloud computing can be considered to resolve this problem by providing a storage service in the TMIS environment. In this environment, access control of the patient health data is essential for the quality of healthcare. Furthermore, the database of the cloud server is a major target for an attacker. The attacker can try to modify, forge, or delete the stored data. To resolve these problems, we propose a secure authentication protocol for a cloud-assisted TMIS with access control using blockchain. We employ ciphertext-policy attribute-based encryption (CP-ABE) to establish access control for health data stored in the cloud server, and apply blockchain to guarantee data integrity. To prove robustness of the proposed protocol, we conduct informal analysis and Burrows-Abadi-Needham (BAN) logic analysis, and we formally validate the proposed protocol using automated validation of internet security protocols and applications (AVISPA). Consequently, we show that the proposed protocol provides more security and has better efficiency compared to related protocols. Therefore, the proposed protocol is proper for a practical TMIS environment.

53 citations


Journal ArticleDOI
TL;DR: This work presents new ciphertext policy attribute based encryption with fast keyword search constructions, which preserve the fine-grained access control inherited from the ABE system while supporting hidden policy and fast keyword search.
Abstract: ABKS has drawn much attention from research and industry in recent years. An ABKS scheme is an encryption scheme that supports keyword search and access control. Attribute-Based Encryption is a public key encryption that enables users to encrypt and decrypt message based on attributes. In a typical implementation, the size of the ciphertext is proportional to the number of attributes associated with it and the decryption time is proportional to the number of attributes used during decryption. Inherited from ABE technology, the computation cost and ciphertext size in most ABKS schemes grow with the complexity of the access policy. On the other hand, we found that the traditional ABKS schemes cannot resist our secret-key-recovery attack. To deal with the above problems, we present new ciphertext policy attribute based encryption with fast keyword search constructions. Our constructions preserve the fine-grained access control inherited from the ABE system while supporting hidden policy and fast keyword search. Our constructions feature multi-value-independent compared with the existing attribute based searchable encryption schemes. The performance analysis demonstrates the efficiency of our constructions. We offer rigorous security proof of our second scheme, which is IND-CKA and IND-CPA secure.

Journal ArticleDOI
TL;DR: A medical data sharing scheme based on permissioned blockchains, which use ciphertext-based attribute encryption to ensure data confidentiality and access control of medical data, and has keyword-indistinguishability against adaptive chosen keyword attacks under the random oracle model is proposed.
Abstract: With the digitization of traditional medical records, medical institutions encounter difficult problems, such as electronic health record storage and sharing. Patients and doctors spend considerable time querying the required data when accessing electronic health records, but the obtained data are not necessarily correct, and access is sometimes restricted. On this basis, this study proposes a medical data sharing scheme based on permissioned blockchains, which use ciphertext-based attribute encryption to ensure data confidentiality and access control of medical data. Under the premise of ensuring patient identity privacy, a polynomial equation is used to achieve an arbitrary connection of keywords, and then blockchain technology is combined. In addition, the proposed scheme has keyword-indistinguishability against adaptive chosen keyword attacks under the random oracle model. Analysis shows that the scheme has high retrieval efficiency.

Journal ArticleDOI
TL;DR: A new hierarchical attribute-based encryption algorithm, which uses hierarchical attribute structure and multi-level authorization center, combined with the Fabric blockchain technology to solve the problem of huge decryption cost for users in the Internet of things.
Abstract: Aiming at the problem of privacy leakage during data sharing in the Internet of Things, a blockchain based secure data sharing platform with fine-grained access control (BSDS-FA) is proposed. First, this paper proposes a new hierarchical attribute-based encryption algorithm, which uses hierarchical attribute structure and multi-level authorization center. The algorithm implements flexible and fine-grained access control by distributing different user attributes to different authorization centers. Then, it is combined with the Fabric blockchain technology to solve the problem of huge decryption cost for users in the Internet of things. Smart contract in blockchain executes high-complexity partial decryption algorithm to reduce the users’ decryption overhead. Blockchain can also realize the traceability of historical operations to meet the security requirements of data restriction open and transparent supervision. Finally, the hierarchical attribute-based encryption algorithm is proved to be CPA-safe. The theoretical analysis and experimental results show that BDSS-FA provides more secure and reliable data sharing services for users in the Internet of Things.

Journal ArticleDOI
TL;DR: Compared to related state-of-the-art survey papers, this article not only provides a broader 12 categories of ABE schemes, but also makes a more comprehensive and holistic comparison.
Abstract: Attribute-based encryption (ABE) for cloud computing access control is reviewed in this article. A taxonomy and comprehensive assessment criteria of ABE are first proposed. In the taxonomy, ABE schemes are assorted into key-policy ABE (KP-ABE) schemes, ciphertext-policy ABE (CP-ABE) schemes, anti-quantum ABE schemes, and generic constructions. In accordance with cryptographically functional features, CP-ABE is further divided into nine subcategories with regard to basic functionality, revocation, accountability, policy hiding, policy updating, multi-authority, hierarchy, offline computation, and outsourced computation. In addition, a systematical methodology for discussing and comparing existing ABE schemes is proposed. For KP-ABE and each type of CP-ABE, the corresponding access control scenario is presented and explained by concrete examples. Specifically, the syntax of ABE is given followed by the adversarial model and security goals. ABE schemes are discussed according to the design strategies and special features and are compared in the light of the proposed assessment criteria with respect to security and performance. Compared to related state-of-the-art survey papers, this article not only provides a broader 12 categories of ABE schemes, but also makes a more comprehensive and holistic comparison. Finally, a number of open research challenges in ABE are pointed out.

Journal ArticleDOI
TL;DR: A new cryptographic primitive called key-policy attribute-based temporary keyword search (KP-ABTKS) which achieves the keyword secrecy property and is secure against selectively chosen keyword attack both in the random oracle model and under the hardness of Decisional Bilinear Diffie-Hellman (DBDH).
Abstract: Temporary keyword search on confidential data in a cloud environment is the main focus of this research. The cloud providers are not fully trusted. So, it is necessary to outsource data in the encrypted form. In the attribute-based keyword search (ABKS) schemes, the authorized users can generate some search tokens and send them to the cloud for running the search operation. These search tokens can be used to extract all the ciphertexts which are produced at any time and contain the corresponding keyword. Since this may lead to some information leakage, it is more secure to propose a scheme in which the search tokens can only extract the ciphertexts generated in a specified time interval. To this end, in this paper, we introduce a new cryptographic primitive called key-policy attribute-based temporary keyword search (KP-ABTKS) which provides this property. To evaluate the security of our scheme, we formally prove that our proposed scheme achieves the keyword secrecy property and is secure against selectively chosen keyword attack (SCKA) both in the random oracle model and under the hardness of Decisional Bilinear Diffie-Hellman (DBDH) assumption. Furthermore, we show that the complexity of the encryption algorithm is linear with respect to the number of the involved attributes. Performance evaluation shows our scheme's practicality.

Journal ArticleDOI
TL;DR: A ciphertext-policy ABE scheme with shared decryption that an authorized user can recover the messages independently and several alternate users are delegated to cooperate to decrypt the ciphertext, instead of one user doing that.
Abstract: Attribute based encryption (ABE) is a preferred technology used to access control the data stored in the cloud servers. However, in many cases, the authorized decryption user may be unable to decrypt the ciphertext in time for some reason. To be on the safe side, several alternate users are delegated to cooperate to decrypt the ciphertext, instead of one user doing that. We provide a ciphertext-policy ABE scheme with shared decryption in this paper. An authorized user can recover the messages independently. At the same time, these alternate users (semi-authorized users) can work together to get the messages. We also improve the basic scheme to ensure that the semi-authorized users perform the decryption tasks honestly. An integrated access tree is used to improve the efficiency for our scheme. The new scheme is proved CPA-secure in the standard model. The experimental result shows that our scheme is very efficient on both computational overhead and storage cost.

Journal ArticleDOI
TL;DR: This paper proposes a lightweight revocable hierarchical ABE (LW-RHABE) scheme, and proves its security in the standard model and under the hardness assumption of the decisional bilinear Diffie-Hellman (DBDH) problem.
Abstract: The Internet of Things (IoT) is an emerging technology that can benefit from cloud infrastructure. In a cloud-based IoT network, a variety of data is collected by smart devices and transmitted to a cloud server. However, since the data may contain sensitive information about individuals, providing confidentiality and access control is essential to protect the users’ privacy. Attribute-based encryption (ABE) is a promising tool to provide these requirements. However, most of ABE schemes neither provide efficient encryption and decryption mechanisms nor offer flexible and efficient key delegation and user revocation approaches. In this paper, to address these issues, we propose a lightweight revocable hierarchical ABE (LW-RHABE) scheme. In our scheme, computation overhead on the user side is very efficient, and most of the computational operations are performed by the cloud server. Also, using the hierarchical model, our scheme offers flexible and scalable key delegation and user revocation mechanisms. Indeed, in our scheme, key delegation and user revocation associated with each attribute can be handled by several key authorities. We provide the security definition for LW-RHABE, and we prove its security in the standard model and under the hardness assumption of the decisional bilinear Diffie-Hellman (DBDH) problem.

Journal ArticleDOI
TL;DR: A scalable attribute-based access control scheme for cloud storage that extends the ciphertext policy attribute- based encryption to achieve flexible delegation of access privileges and shared access privileges along with scalability and fine-grained access control and formally proves the security of the scheme.
Abstract: Nowadays cloud servers have become the primary choice to store and share data with multiple users across the globe. The major challenge in sharing data using cloud servers is to protect data against untrusted cloud service provider and illegitimate users. Attribute-Based Encryption (ABE) has emerged as a useful cryptographic technique to securely share data with legitimate recipients in fine-grained manner. Several solutions employing ABE have been proposed to securely share data using cloud servers. However, most of the solutions are data owner-centric and focus on providing data owner complete control on his outsourced data. The existing solutions in cloud computing fail to provide shared access privileges among users and to enable cloud users to delegate their access privileges in a flexible manner. In order to simultaneously achieve the notion of fine-grained access control, scalability and to provide cloud users shared access privileges and flexibility on delegation of their access privileges, we propose a scalable attribute-based access control scheme for cloud storage. The scheme extends the ciphertext policy attribute-based encryption to achieve flexible delegation of access privileges and shared access privileges along with scalability and fine-grained access control. The scheme achieves scalability by employing hierarchical structure of users. Furthermore, we formally prove the security of our proposed scheme based on security of the ciphertext-policy attribute-based encryption. We also implement the algorithm to show its scalability and efficiency.

Journal ArticleDOI
TL;DR: A novel hierarchical multi expressive blockchain architecture designed to provide the autonomous management of trusted medical data/ devices and the transactions of mutually untrusted stakeholders, as well as an inherent forensics mechanism tailored for granular auditing is presented.
Abstract: The health care ecosystem involves various interconnected stakeholders with different, and sometimes conflicting security and privacy needs. Sharing medical data, sometimes generated by remote medical devices, is a challenging task. Although several solutions exist in the literature covering functional requirements such as interoperability and scalability, as well as security & privacy requirements such as fine-grained access control and data privacy, balancing between them is not a trivial task as off-the-shelf solutions do not exist. On one hand, centralized cloud architectures provide scalability and interoperable access, but make strong trust assumptions. On the other, decentralized blockchain based solutions favor data privacy and independent trust management, but typically do not support dynamic changes of the underlying trust domains. To cover this gap, in this paper, we present a novel hierarchical multi expressive blockchain architecture. At the top layer, a proxy blockchain enables independently managed trust authorities to interoperate. End-users from different health care domains, such as hospitals or device manufacturers are able to access and securely exchange medical data, provided that a commonly agreed domain-wise access policy is enforced. At the bottom layer, one or more domain blockchains allow each domain (e.g. a hospital or device manufacturer) to enforce their policy and allow fine-grained access control with attribute-based encryption. This architecture is designed to provide the autonomous management of trusted medical data/devices and the transactions of mutually untrusted stakeholders, as well as an inherent forensics mechanism tailored for granular auditing. Smart contracts are used to enforce decentralized policies. Ciphertext-policy attribute based encryption (CP-ABE) is used to distribute the decryption process among end users and the system, as well as support an efficient credential revocation mechanism. 
We demonstrate the efficiency of the proposed architecture through a proof of concept implementation. Finally we analyse the major security and performance characteristics.

Journal ArticleDOI
TL;DR: A literature review is conducted of the various secure deduplication techniques proposed for cloud storage to address clients’ security concerns.

Journal ArticleDOI
TL;DR: This article seeks to address both key abuse and key escrow concerns when deploying ABE in a cloud computing environment, and its scheme is based on prime order bilinear groups, and is shown to be selectively secure in the standard model.
Abstract: Attribute-based encryption (ABE) can be utilized to achieve both data security and fine-grained access control in a cloud computing environment. However, we need to consider the risks of key abuse and key escrow in such a setting. Specifically, the former risk category includes the illegal sharing of user’s keys (i.e., user key abuse) and illegal key distribution by an authority (i.e., authority key abuse), and the latter includes the scenario where some ciphertext is decrypted by the authority without the user’s approval. Hence, in this article, we seek to address both key abuse and key escrow concerns when deploying ABE in a cloud computing environment. In our construction, two authorities [i.e., a key generation center (KGC) and an attribute authority (AA)] participate in the generation of the user’s secret key. Both KGC and AA will not know the full decryption key or have the capability to forge one. As a result, neither KGC nor AA can illegally distribute the user’s private key to unauthorized users or decrypt user’s ciphertexts without the user’s approval. In addition, in our scheme, any private keys modified by malicious users cannot be successfully used for decryption. In the event that some user illegally shares his/her original private key, the scheme has in place a mechanism to trace the abused private key (since the user’s identity information is embedded in the private key). Hence, our scheme supports public traceability, key abuse, and key escrow. In addition, our scheme is based on prime order bilinear groups, and is shown to be selectively secure in the standard model.

Journal ArticleDOI
TL;DR: ABE-Cities is an encryption system for urban sensing which solves the above problems while ensuring fine-grained access control on data by means of Attribute-Based Encryption (ABE), and is validated by testing the advanced scheme on the simulated Houston and Beijing street networks.

Journal ArticleDOI
TL;DR: The proposed KP‐ABSE scheme efficiently supports user revocation and reduces computational and storage costs and supports fast searching, and can be proven secure under a decision linear assumption in a selective security model.
Abstract: Attribute‐based searchable encryption (ABSE) is the combination of attribute‐based encryption (ABE) and searchable encryption with the inherent benefits of fine‐grained access control and expressive searching capabilities in a multiuser setting. In this paper, we have used the key‐policy (KP) design framework of ABE and named the scheme KP‐ABSE. The proposed KP‐ABSE scheme efficiently supports user revocation where the computationally intensive tasks are delegated to the cloud server. Furthermore, the proposed scheme generates constant‐size user secret keys and trapdoors and has a constant number of pairing operations, which in other schemes typically varies with the number of attributes associated with them. Thus, the proposed scheme reduces computational and storage costs and supports fast searching. Finally, the proposed scheme can be proven secure under a decision linear assumption in a selective security model.

Journal ArticleDOI
01 Oct 2020
TL;DR: This paper has proposed a secure framework for WBAN using Elliptic Curve Cryptography based Ciphertext-Policy Attribute Based Encryption (CPABE) without bilinear pairing operations and shows that the scheme outperforms the existing schemes for WBAN in terms of keys-ciphertext size and computation overhead.
Abstract: The Internet of Things (IoT) based healthcare system is one of the prominent approaches to overcome the issue of the increasing burden of healthcare costs in India. Wireless Body Area Networks (WBANs) are the key enabler in this scenario. It provides continuous monitoring of the patient’s health condition remotely, by making the real-time health data of the patient available to healthcare professionals through cloud/public channel. On the other side, the practical implementation of this service is not possible if the issue of data security is not considered. Thus, in this paper, we have proposed a secure framework for WBAN using Elliptic Curve Cryptography based Ciphertext-Policy Attribute Based Encryption (CPABE) without bilinear pairing operations. The proposed CPABE is secured under Elliptic Curve Decisional Diffie-Hellman assumption and also has a feature of user/attribute revocation. We have evaluated the lightweight feature of the proposed CPABE by comparing it with other existing ABE schemes for WBAN. The result shows that our scheme outperforms the existing schemes for WBAN in terms of keys-ciphertext size and computation overhead.

Journal ArticleDOI
TL;DR: This paper proposes a new ABE scheme with fair outsourced decryption by using blockchain and sampling technique, and makes use of the smart contract in blockchain to guarantee that the proxy can always get the reward with the valid outsourced decryption result.
Abstract: Attribute-based encryption (ABE) is a powerful cryptographic primitive for access control and fine-grained sharing on encrypted data. Due to this functionality, ABE is usually adopted in encrypted cloud storage for flexible data sharing. However, the main drawback of ABE is that the computational cost grows linearly with the complexity of the access policy. One of the promising solutions for the problem is to outsource computation securely. For example, the user can outsource most of the decryption cost to a proxy, while the underlying plaintext remains confidential. Nonetheless, all the existing ABE schemes with outsourced decryption ignore the fairness between the user and the proxy, i.e., the user may refuse to pay even if he/she obtains the valid result. To address this problem, in this paper we propose a new ABE scheme with fair outsourced decryption by using blockchain and sampling technique. In particular, we make use of the smart contract in blockchain to guarantee that the proxy can always get the reward with the valid outsourced decryption result. Furthermore, we apply the sampling technique to enable the miners in blockchain to check the validity of the outsourced decryption result. The detailed analysis shows that our proposal is secure and fair under some reasonable assumptions, and the experimental results demonstrate that our proposal is efficient. At last, it may be of independent interest that our proposal is a generic construction for pairing-based ABE schemes.

Journal ArticleDOI
TL;DR: The proposal introduces an accountable attribute based signature that enables an inspection authority to reveal the identity of the anonymously-authenticated user if needed, and is provably secure, as it is resistant to both curious cloud providers and malicious users adversaries.

Journal ArticleDOI
TL;DR: The concept of a fully distributed revocable ciphertext-policy hierarchical ABE (FDR-CP-HABE) is introduced and it is proved that the scheme is adaptively secure in the standard model and efficient, secure, and scalable.

Journal ArticleDOI
TL;DR: This paper proposes a new construction of searchable encryption with fine-grained access control by using key-policy attribute-based cryptography to generate trapdoors to support AND, OR and threshold gates, and provides formal security proofs for the scheme.
Abstract: Cloud computing is a model for convenient, on-demand network access to virtualized environments of configurable computing resources. It is challenging to search data encrypted and stored in cloud storage servers. Searchable encryption enables data users to search on ciphertext without leaking any information about keywords and the plaintext of the data. Currently, a number of searchable encryption schemes have been proposed, but most of them provide unlimited search privileges to data users, which is not desirable in certain scenarios. In this paper, we propose a new construction of searchable encryption with fine-grained access control by using key-policy attribute-based cryptography to generate trapdoors to support AND, OR and threshold gates. The main idea is that the data owner encrypts the index keywords according to the specified access policy. The data user can generate a trapdoor to search on data, if and only if the attributes of the data user satisfy the access policy. We provide formal security proofs for the scheme, including the indistinguishability of ciphertexts and the indistinguishability of trapdoors, which are used to resist the chosen keyword attack and the keyword guessing attack of external adversaries. Comprehensive security analysis and implementation results show that the proposed scheme is provably secure and feasible in real-world applications.

Journal ArticleDOI
TL;DR: This paper proposes a protocol through which all treatment teams involved in the emergency care can securely decrypt relevant data from the patient's EMR and add new information about the patient’s status and presents some initial experimental results.
Abstract: In emergency care, fast and efficient treatment is vital. The availability of Electronic Medical Records (EMR) allows healthcare professionals to access a patient’s data promptly, which facilitates the decision-making process and saves time by not repeating medical procedures. Unfortunately, the complete EMR of a patient is often not available during an emergency situation to all treatment teams. Cloud services emerge as a promising solution to this problem by allowing ubiquitous access to information. However, EMR storage and sharing through clouds raise several concerns about security and privacy. To this end, we propose a protocol through which all treatment teams involved in the emergency care can securely decrypt relevant data from the patient’s EMR and add new information about the patient’s status. Furthermore, our protocol ensures that treatment teams will only access the patient’s EMR for the period during which the patient is under their care. Finally, we present a formal security analysis of our protocol and some initial experimental results.

Journal ArticleDOI
TL;DR: A security notion called strongly unforgeable signature is defined, and it is shown that ABE schemes equipped with the strong key unforgeability are immune to key regeneration, and a generic transformation is provided to convert ciphertext-policy ABE (CP-ABE) schemes of a certain type to key regeneration-free CP-ABE schemes.