Cost-Effective and Scalable Data Sharing in Cloud Storage Using Hierarchical Attribute-Based Encryption with Forward Security

Abstract

Cloud storage greatly facilitates both individuals and organizations to share data over the Internet. However, there are several security issues that impede to outsource their data. Among various approaches introduced to overcome these issues, attribute-based encryption (ABE) provides secure and flexible access control on shared data, and thus is rather promising. But the original ABE is not adaptable to some special circumstances, where attributes are organized in a hierarchical structure, such as enterprises and official institutions. On the other hand, although the wide use of mobile devices enables users to conveniently access shared data anywhere and anytime, this also increases the risk of key exposure, which will result into unwanted exposure of the shared data. In this paper, we extend the functionality of the original ABE and enhance its security by providing key generation delegation and forward security. Consequently, the enhanced ABE meets applications of large organizations with hierarchies and minimizes the damage in the case of unexpected key exposures. Specifically speaking, we present a forward-secure ciphertext-policy hierarchical attribute-based encryption scheme in prime order bilinear groups, as a core building of attribute-based data sharing scheme. The security of the proposed scheme is proven in the standard model. We conduct experiments to demonstrate its efficiency and practicability.