ISBN: 9781450348447 (print)
The growth in Cloud Computing and the ubiquity of Mobile devices to access Cloud services has generated a new paradigm, Mobile Cloud Computing (MCC). While the benefits of storing and accessing data in the Cloud are well documented, there are concerns relating to the security of such data through data corruption, theft, exploitation or deletion. Innovative encryption schemes have been developed to address the challenges of data protection in the Cloud and having greater control over who should be accessing what data, one of which is attribute-based encryption (ABE). ABE is a type of role-based access control encryption solution which allows data owners and data consumers or users to encrypt and decrypt based on their personal attributes (e.g. department, location, gender, role). A number of ABE schemes have been developed over the years but ABE in MCC has established its own paradigm driven by a) the use of mobile devices to access private data hosted in the Cloud and b) the physical limitations of the mobile device to perform complex computation in support of encryption and decryption in ABE. ABE in MCC is an evolving research field but, given the breadth and strength of interest at the time of writing, it is timely to perform a survey. Due to the sheer volume of research, the survey has focused on one aspect of ABE - ciphertext-policy attribute-based encryption - in line with its prominence in ABE in MCC research to date. Further, given the significant developments and interest in IoT, the survey has since been extended to assess whether the research into mobile devices has been translated to the application of attribute-based encryption in IoT where the challenges to support complex computation and data transmission are potentially more complex given the much greater heterogeneity and resource restrictions of IoT devices.
ISBN: 9781450349444 (print)
We address the problem of ciphertext-policy attribute-based encryption with fine access control, a cryptographic primitive which has many concrete application scenarios such as Pay-TV, e-Health, Cloud Storage and so on. In this context we improve on previous LSSS based techniques by building on previous work of Hohenberger and Waters at PKC'13 and proposing a construction that achieves ciphertext size linear in the minimum between the size of the boolean access formula and the number of its clauses. Our construction also supports fast decryption. We also propose two interesting extensions: the first one aims at reducing storage and computation at the user side and is useful in the context of lightweight devices or devices using a cloud operator. The second proposes the use of multiple authorities to mitigate key escrow by the authority.
ISBN: 9781538637906 (print)
Ciphertext-policy attribute-based encryption (CP-ABE) is a promising solution to the problem of fine-grained access control over encrypted data in the cloud. Several CP-ABE based cryptographic cloud storage systems have been proposed in recent years. However, access policy revocation is expensive in these systems, because the data owner has to retrieve, re-encrypt and re-upload the data when the access policy is updated. To optimize the access policy revocation procedure, Cheng et al. proposed a revocation scheme for CP-ABE based cryptographic cloud storage. In their scheme, the original data is first divided into a number of slices, and then uploaded to the cloud storage. When a revocation occurs, the data owner needs only to retrieve, re-encrypt and re-upload one slice instead of the entire data. They claimed that their scheme is efficient and computationally secure. In this paper, we first point out that Cheng et al.'s scheme only preserves the all-or-nothing property for one time, then we show that it is susceptible to a fatal attack from a malicious revoked data user who stores the symmetric key or generates extra valid slices.
With the development of wireless access technologies and the popularity of mobile intelligent terminals, cloud computing is expected to expand to mobile environments. Attribute-based encryption, widely applied in cloud computing, incurs massive computational cost during the encryption and decryption phases. The computational cost grows with the complexity of the access policy. This disadvantage becomes more serious for mobile devices because they have limited resources. To address this problem, we present an efficient verifiable outsourced scheme based on the bilinear group of prime order. The scheme is called the verifiable outsourced computation ciphertext-policy attribute-based encryption scheme (VOC-CP-ABE), and it provides a way to outsource intensive computing tasks during encryption and decryption phases to CSP without revealing the private information and leaves only marginal computation to the user. At the same time, the outsourced computation can be verified by two hash functions. Then, the formal security proofs of its (selective) CPA security and verifiability are provided. Finally, we discuss the performance of the proposed scheme with comparisons to several related works.
In this paper, we propose a large universe ciphertext-policy attribute-based encryption (ABE) scheme with efficient revocation. To achieve the revocation, we divide the master key into two parts: delegation key and secret key, which are sent to the cloud provider and user separately. Note that our scheme is proved selectively secure in the standard model under a q-type assumption. Finally, we give the concrete analysis associated with our scheme including security requirements, functionality and performance.
ISBN: 9783319474229; 9783319474212 (print)
A promising solution to protect data privacy in cloud storage services is known as ciphertext-policy attribute-based encryption (CP-ABE). However, in a traditional CP-ABE scheme, a ciphertext is bound with an explicit access structure, which may leak private information about the underlying plaintext in that anyone having access to the ciphertexts can tell the attributes of the privileged recipients by looking at the access structures. A notion called CP-ABE with partially hidden access structures [14,15,18,19,24] was put forth to address this problem, in which each attribute consists of an attribute name and an attribute value and the specific attribute values of an access structure are hidden in the ciphertext. However, previous CP-ABE schemes with partially hidden access structures only support access structures in AND gates, whereas a few other schemes supporting expressive access structures are computationally inefficient since they are built from bilinear pairings over the composite-order groups. In this paper, we focus on addressing this problem, and present an expressive CP-ABE scheme with partially hidden access structures in prime-order groups.
Nowadays, more and more users outsource their data to third party cloud storage servers for the purpose of sharing, so cloud data sharing becomes one of the popular services offered by cloud service providers. However, the third party storage servers in cloud data sharing systems, which are not fully trusted by data owners, make access control to the shared data a challenging issue. Although ciphertext-policy attribute-based encryption (CP-ABE) is an emerging cryptographic solution for this issue, dealing with dynamic changes to users' access privileges (attribute revocation) in its practical applications as cloud data sharing systems is a real challenge. To overcome this challenge, we propose a fine-grained access control scheme for cloud data sharing systems by designing a secure and efficient attribute-revocable CP-ABE scheme. Our scheme only allows non-revoked users in the attribute group to update their secret key by themselves using their unique key-update keys, and the ciphertexts are updated by a minimally trusted cloud server using a ciphertext-update key. Compared with the existing access controls achieved by attribute-revocable CP-ABE schemes, our proposed access control scheme reduces the trust degree of the cloud server in the attribute revocation mechanism. Furthermore, the analysis indicates that our access control scheme is more secure and efficient to apply to practical scenarios.
In the cloud, for achieving access control and keeping data confidential, the data owners could adopt attribute-based encryption to encrypt the stored data. Users with limited computing power are however more likely to delegate the mask of the decryption task to the cloud servers to reduce the computing cost. As a result, attribute-based encryption with delegation emerges. Still, there are caveats and questions remaining in the previous relevant works. For instance, during the delegation, the cloud servers could tamper with or replace the delegated ciphertext and respond with a forged computing result with malicious intent. They may also cheat the eligible users by responding that they are ineligible for the purpose of cost saving. Furthermore, during the encryption, the access policies may not be flexible enough as well. Since a policy for general circuits makes it possible to achieve the strongest form of access control, a construction for realizing circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation has been considered in our work. In such a system, combined with verifiable computation and encrypt-then-mac mechanism, the data confidentiality, the fine-grained access control and the correctness of the delegated computing results are well guaranteed at the same time. Besides, our scheme achieves security against chosen-plaintext attacks under the k-multilinear Decisional Diffie-Hellman assumption. Moreover, an extensive simulation campaign confirms the feasibility and efficiency of the proposed solution.
Ciphertext-policy attribute-based encryption (CP-ABE) allows a user with some attributes to decrypt the ciphertexts associated with these *** several CP-ABE schemes with the constant size ciphertext were proposed to reduce the communication cost, their master public and secret keys still have the size linear in the total number of *** schemes are impractical for the attribute-scalable and many-attributes scenario. A new CP-ABE scheme is *** attribute is mapped to a mathematical value by a combination *** master public and secret keys of the proposed CP-ABE scheme have the size linear in the binary size of a hash function's *** has the comparable performance with existing schemes in the aspects like the time costs of encryption and decryption, the expressiveness of access policy and the provable security.
ISBN: 9781479983421 (print)
Digital content is easily spread out in the era of cloud computing. However, the challenge is providing an identity-based access control mechanism to carry out the rating system for preventing specific digital content from being obtained by inappropriate users. In this paper, we proposed a novel identity-based access control approach for digital content based on ciphertext-policy attribute-based encryption (iDAC). In iDAC, the access control still works even if the digital content is duplicated to another content server. Moreover, only one copy of encrypted digital content is required to share with multiple users. This could efficiently reduce the overhead of content servers. As shown in our performance analysis with respect to security, space complexity, and time complexity, iDAC outperforms the traditional access control list based and encryption-based access control approaches.