scholarly journals Efficient Ciphertext-Policy Attribute-Based Online/Offline Encryption with User Revocation

2019 ◽  
Vol 2019 ◽  
pp. 1-11 ◽  
Author(s):  
Haiying Ma ◽  
Zhanjun Wang ◽  
Zhijin Guan
Keyword(s):  
Mobile Devices ◽  
Computational Costs ◽  
Private Key ◽  
Attribute Based Encryption ◽  
User Revocation ◽  
Key Update ◽  
Subset Difference ◽  
Ciphertext Policy ◽  
Selective Security ◽  
Over Time

Attribute-Based Encryption (ABE) must provide an efficient revocation mechanism since a user’s private key can be compromised or expired over time. The existing revocable ABE schemes have the drawbacks of heavy computational costs on key updates and encryption operations, which make the entities for performing these operations a possible bottleneck in practice applications. In this paper, we propose an efficient Ciphertext-Policy Attribute-Based Online/Offline Encryption with user Revocation (R-CP-ABOOE). We integrate the subset difference method with ciphertext-policy ABE to significantly improve key-update efficiency on the side of the trusted party from O(rlog⁡(N/r)) to O(r), where N is the number of users and r is the number of revoked users. To reduce the encryption burden for mobile devices, we use the online/offline technology to shift the majority of encryption work to the offline phase, and then mobile devices only need to execute a few simple computations to create a ciphertext. In addition, we exploit a novel trick to prove its selective security under the q-type assumption. Performance analysis shows that our scheme greatly improves the key-update efficiency for the trusted party and the encryption efficiency for mobile devices.

scholarly journals Efficient access control with traceability and user revocation in IoT

2021 ◽  
Author(s):  
Yi Wu ◽  
Wei Zhang ◽  
Hu Xiong ◽  
Zhiguang Qin ◽  
Kuo-Hui Yeh
Keyword(s):  
Internet Of Things ◽  
Mobile Devices ◽  
Data Privacy ◽  
Constant Size ◽  
Security Proof ◽  
Attribute Based Encryption ◽  
Efficient Access ◽  
Cloud Server ◽  
User Revocation ◽  
Ciphertext Policy

AbstractWith the universality and availability of Internet of Things (IoT), data privacy protection in IoT has become a hot issue. As a branch of attribute-based encryption (ABE), ciphertext policy attribute-based encryption (CP-ABE) is widely used in IoT to offer flexible one-to-many encryption. However, in IoT, different mobile devices share messages collected, transmission of large amounts of data brings huge burdens to mobile devices. Efficiency is a bottleneck which restricts the wide application and adoption of CP-ABE in Internet of things. Besides, the decryption key in CP-ABE is shared by multiple users with the same attribute, once the key disclosure occurs, it is non-trivial for the system to tell who maliciously leaked the key. Moreover, if the malicious mobile device is not revoked in time, more security threats will be brought to the system. These problems hinder the application of CP-ABE in IoT. Motivated by the actual need, a scheme called traceable and revocable ciphertext policy attribute-based encryption scheme with constant-size ciphertext and key is proposed in this paper. Compared with the existing schemes, our proposed scheme has the following advantages: (1) Malicious users can be traced; (2) Users exiting the system and misbehaving users are revoked in time, so that they no longer have access to the encrypted data stored in the cloud server; (3) Constant-size ciphertext and key not only improve the efficiency of transmission, but also greatly reduce the time spent on decryption operation; (4) The storage overhead for traceability is constant. Finally, the formal security proof and experiment has been conducted to demonstrate the feasibility of our scheme.

Research on Access Control Based on CP-ABE Algorithm and Cloud Computing

2014 ◽  
Vol 513-517 ◽  
pp. 2273-2276
Author(s):  
Shao Min Zhang ◽  
Jun Ran ◽  
Bao Yi Wang
Keyword(s):  
Cloud Computing ◽  
Access Control ◽  
Control Policy ◽  
Massive Data ◽  
Access Control Policy ◽  
Fine Grained ◽  
Network Bandwidth ◽  
Private Key ◽  
Attribute Based Encryption ◽  
Ciphertext Policy

Ciphertext-Policy Attribute-based encryption (CP-ABE) mechanism is an extension of attribute-based encryption which associates the ciphertext and user's private key with the attribute by taking the attribute as a public key. It makes the representation of the access control policy more flexible, thus greatly reduces the network bandwidth and processing overhead of sending node brought by fine-grained access control of data sharing. According to the principle of CP-ABE encryption mechanism for this mechanism, an improved cloud computing-based encryption algorithm was proposed in this paper to overcome the deficiencies of permission changing process under the massive data. Experimental results show that compared with traditional methods, the new mechanism significantly reduces time-consuming.

scholarly journals Securing E-health Data using Ciphertext-Policy Attribute-Based Encryption with Dynamic User Revocation

2019 ◽  
Vol 8 (3) ◽  
pp. 7244-7250
Keyword(s):  
Access Control ◽  
Service Providers ◽  
Health Data ◽  
Security And Privacy ◽  
Unique Identifier ◽  
Fine Grained ◽  
Attribute Based Encryption ◽  
User Revocation ◽  
Role Based ◽  
Ciphertext Policy

E-health systems hold a massive amount of medical data that is stored and shared across healthcare service providers to deliver health facilities. However, security and privacy worries increase when sharing this data over distributed settings. As a result, Cryptography techniques have been considered to secure e-health data from unauthorized access. The Ciphertext Policy Attribute-Based Encryption (CP-ABE) is commonly utilized in such a setting, which provides role-based and fine-grained access control over encrypted data. The CP-ABE suffers from the problem of user revocation where the entire policy must be changed even when only one user is revoked or removed from the policy. In this paper, we proposed a CP-ABE based access control model to support user revocation efficiently. Specifically, the proposed model associates a unique identifier to each user. This identifier is added to the policy attributes and removed dynamically when the user is added/revoked. A tree structure (PolicyPathTree) is designed specifically for our model. It can facilitate fast access to policy's attributes during the verification process; The model is analyzed using Information Theory Tools. Results show that our model outperforms other notable work in terms of computational overheads.,

scholarly journals A New User Revocable Ciphertext-Policy Attribute-Based Encryption with Ciphertext Update

2020 ◽  
Vol 2020 ◽  
pp. 1-11
Author(s):  
Zhe Liu ◽  
Fuqun Wang ◽  
Kefei Chen ◽  
Fei Tang
Keyword(s):  
Secret Key ◽  
Data Confidentiality ◽  
Encrypted Data ◽  
Diffie Hellman ◽  
Security Proof ◽  
Attribute Based Encryption ◽  
Challenge Ciphertext ◽  
Identity Based ◽  
Ciphertext Policy ◽  
Selective Security

The revocable ciphertext-policy attribute-based encryption (R-CP-ABE) is an extension of ciphertext-policy attribute-based encryption (CP-ABE), which can realize user direct revocation and maintain a short revocation list. However, the revoked users can still decrypt the previously authorized encrypted data with their old key. The R-CP-ABE scheme should provide a mechanism to protect the encrypted data confidentiality by disqualifying the revoked users from accessing the previously encrypted data. Motivated by practical needs, we propose a new user R-CP-ABE scheme that simultaneously supports user direct revocation, short revocation list, and ciphertext update by incorporating the identity-based and time-based revocable technique. The scheme provides a strongly selective security proof under the modified decisional q -parallel bilinear Diffie–Hellman Exponent problem, where “strongly” means that the adversary can query the secret key of a user whose attribute set satisfies the challenge ciphertext access structure and whose identity is in the revocation list.

Fine-Grained Access Control with Efficient Revocation in Cloud Storage

2014 ◽  
Vol 571-572 ◽  
pp. 79-89
Author(s):  
Ting Zhong ◽  
You Peng Sun ◽  
Qiao Liu
Keyword(s):  
Access Control ◽  
Cloud Storage ◽  
Storage System ◽  
Fine Grained ◽  
Computational Overhead ◽  
Attribute Based Encryption ◽  
Encrypt Data ◽  
User Revocation ◽  
Ciphertext Policy ◽  
Access Policies

In the cloud storage system, the server is no longer trusted, which is different from the traditional storage system. Therefore, it is necessary for data owners to encrypt data before outsourcing it for sharing. Simultaneously, the enforcement of access policies and support of policies updates becomes one of the most challenging issues. Ciphertext-policy attribute-based encryption (CP-ABE) is an appropriate solution to this issue. However, it comes with a new obstacle which is the attribute and user revocation. In this paper, we propose a fine-grained access control scheme with efficient revocation based on CP-ABE approach. In the proposed scheme, we not only realize an efficient and immediate revocation, but also eliminate some burden of computational overhead. The analysis results indicate that the proposed scheme is efficient and secure for access control in cloud storage systems.

scholarly journals Access Policy’s Over Encrypted Cloud Storage for Secure Deduplication

2018 ◽  
Vol 7 (3.27) ◽  
pp. 27
Author(s):  
G Kiran Kumar ◽  
E Amarnath Reddy ◽  
B Mamatha ◽  
Kompally Manisha
Keyword(s):  
Cloud Storage ◽  
Data Access ◽  
Public Key Cryptography ◽  
Public Key ◽  
Symmetric Encryption ◽  
Private Key ◽  
Attribute Based Encryption ◽  
Original File ◽  
Ciphertext Policy ◽  
Access Policies

Attribute-Based Encryption (ABE) is a basic concept that considers public-key cryptography. Ciphertext-Policy ABE (CP-ABE) is one of the approaches used by ABE for data sharing in the cloud. In CP-ABE scheme, each user’s private key has a set of attributes and then the user decrypts a ciphertext if it holds a matching key. Our proposed system provides an extension to CP-ABE by implementing AES. AES uses a symmetric encryption key algorithm for a same set of keys. Our system provides a higher security through AES because of its complexity and helps in generating the content key . This key is used during the encryption of the original file over the cloud. Our methodology also focuses on deduplication to provide less consumption of cloud storage over the cloud. Another advantage of using this system is to provide an efficient way of data access via access policies for a certain set of credentials.  

scholarly journals Large Universe Ciphertext-Policy Attribute-Based Encryption with Attribute Level User Revocation in Cloud Storage

2019 ◽  
Vol 17 (1) ◽  
pp. 107-117 ◽  
Author(s):  
Huijie Lian ◽  
Qingxian Wang ◽  
Guangbo Wang
Keyword(s):  
Cloud Storage ◽  
Attribute Level ◽  
Cloud Provider ◽  
Secret Key ◽  
Computational Load ◽  
Attribute Based Encryption ◽  
The Standard Model ◽  
Important Challenge ◽  
User Revocation ◽  
Ciphertext Policy

Ciphertext-Policy Attribute-Based Encryption (CP-ABE), especially large universe CP-ABE that is not bounded with the attribute set, is getting more and more extensive application in the cloud storage. However, there exists an important challenge in original large universe CP-ABE, namely dynamic user and attribute revocation. In this paper, we propose a large universe CP-ABE with efficient attribute level user revocation, namely the revocation to an attribute of some user cannot influence the common access of other legitimate attributes. To achieve the revocation, we divide the master key into two parts: delegation key and secret key, which are sent to the cloud provider and user separately. Note that, our scheme is proved selectively secure in the standard model under "q-type" assumption. Finally, the performance analysis and experimental verification have been carried out in this paper, and the experimental results show that, compared with the existing revocation schemes, although our scheme increases the computational load of storage Service Provider (CSP) in order to achieve the attribute revocation, it does not need the participation of Attribute Authority (AA), which reduces the computational load of AA. Moreover, the user does not need any additional parameters to achieve the attribute revocation except of the private key, thus saving the storage space greatly

Sign in / Sign up

Export Citation Format

Share Document