FE for inner products and its application to multi-authority ABE

Similar Papers
  • Book Chapter
  • Cite count: 7
  • 10.1007/978-3-319-69811-3_73
Privacy-Preserving Multi-authority Ciphertext-Policy Attribute-Based Encryption with Revocation
  • Nov 2, 2017
  • Hua Ma + 3 more

A multi-authority attribute-based encryption (ABE) scheme can support the flexible fine-grained sharing of encrypted data and solve the problem of complete trust in a single authorization center. However, in the previous multi-authority ABE schemes, the access policy is directly outsourced to the cloud storage server, resulting in the disclosure of access policy privacy. Furthermore, in order to obtain the corresponding secret keys, the user has to submit his global identifier (GID) to each attribute authority (AA). This will compromise the user’s privacy because the malicious authorities can collaborate to trace the user’s GID. In this paper, we propose a new multi-authority ciphertext-policy ABE scheme which can realize efficient attribute-level user revocation. In our scheme, the AA knows nothing about the user’s GID during the generation of the user’s secret key. The new scheme can protect the access policy privacy as the access policy is fully hidden from the cloud storage server and users. In addition, our scheme supports any monotone access policy and is proven selectively secure.

  • Research Article
  • Cite count: 118
  • 10.1016/j.ins.2010.03.004
Secure threshold multi authority attribute based encryption without a central authority
  • Mar 11, 2010
  • Information Sciences
  • Huang Lin + 3 more

  • Conference Article
  • Cite count: 8
  • 10.1109/isco.2016.7727145
An multi-authority attribute based encryption for personal health record in cloud computing
  • Jan 1, 2016
  • Iniya Shree + 2 more

One of the major problems existing in the cloud is managing or securing data from unauthorized persons. Here, in the medical field, the patient-centric model describes the patient's Personal Health Record (PHR), where the health information is to be secured from third-party servers. The security scheme Multi Authority Attribute Based Encryption (MA-ABE) is used to protect the patient's record. The personal and professional file access is done in a structured way and policy management is also maintained by using MA-ABE. The proposed results are compared with the existing CP-ABE and the results show that the MA-ABE model is more secure with less delay.

  • Conference Article
  • 10.59544/ukgh4577/ngcesi23p17
Efficient Unpredictable Multi Authority Attribute based Encryption
  • Aug 5, 2023
  • Rohini S + 1 more

Data access control is an effective way to ensure data security in the cloud. Due to data outsourcing and untrusted cloud servers, data access control becomes a challenging issue in cloud storage systems. Attribute-based encryption (ABE) is usually adopted for cloud storage, both for its achievement of fine-grained access control over data, and for its guarantee of data confidentiality. Single-authority Attribute-Based Encryption (SA-ABE) has an obvious drawback in that only one attribute authority can assign the users’ attributes, enabling the data to be shared only within the management domain of the attribute authority, while rendering multiple attribute authorities unable to share the data. On the other hand, multi-authority attribute-based encryption (MA-ABE) has its advantages over SA-ABE. It can not only satisfy the need for fine-grained access control and confidentiality of data, but also allow the data to be shared among multiple different attribute authorities. In this paper, on the basis of cryptography, an efficient revocable multi-authority attribute-based encryption (RMA-ABE) scheme for cloud storage is proposed. Multi-authority attribute-based encryption was very suitable for data access control in a cloud storage environment. However, efficient user revocation in multi-authority attribute-based encryption remains a challenging problem that prevents it from practical applications. A multi-authority attribute-based encryption scheme with efficient revocation was proposed and proved statically secure and revocable in the random oracle model.

  • Research Article
  • Cite count: 26
  • 10.1007/s12652-021-02915-5
A survey on multi-authority and decentralized attribute-based encryption
  • Mar 15, 2021
  • Journal of Ambient Intelligence and Humanized Computing
  • Prince Silas Kwesi Oberko + 2 more

The introduction of attribute-based encryption (ABE) targets to achieve the implementation of single-to-numerous encryption; however, the sole authority challenge and the issue of distributed management of attributes are bottlenecks to its realization. Multi-authority attribute-based encryption (MA-ABE) where various attribute authorities (which may be independent of each other) control different attribute universe and are involved in the administration of attribute keys for decryption provides the necessary platform to undertake the implementation of fine-grained access regulation over shared data while achieving single-to-numerous encryption. In recent years, research into MA-ABE has seen rapid advancement, and we believe that it is a suitable solution to thwarting the key escrow problem as well as the problem of distributed management of attributes. This paper offers a thorough survey and examines the state-of-the-art of some traditional ABE as well as multi-authority attribute-based encryption schemes over the past decade. Furthermore, the survey gives detailed insights on some essential techniques as well as some classic concretely constructed algorithms. Moreover, we discuss an extension (the different directions) of MA-ABE and its progress since its inception. We also provide design principles of MA-ABE and also show comparisons between existing works on areas as security, performance, and functionality. This paper also discusses several interesting open problems. As far as we can tell, no comparable survey on MA-ABE exists in literature so far.

  • Book Chapter
  • 10.1007/978-981-19-2177-3_6
Health Record Maintenance Using Cloud Computing and Multi Authority Attribute-Based Encryption
  • Jan 1, 2022
  • S Hamsanandhini + 2 more

The health records of various patients are monitored, stored and accessed using cloud providers. There may be a chance of access and data exposure to third-party servers which are unauthorized. In order to provide secure access to data, encryption is considered to be a most promising method. Though many issues are of concern in encryption, such as key management, efficient access and user revocation, the most prominent challenge is ensuring fine-grained access. This proposed method states various frameworks and architectures which would provide control over data access and also help in storing the patient’s record on semi-trusted servers. In order to achieve fine-grained and secure data access over health records, the Multi Authority Attribute-based encryption (MA ABE) technique helps in encrypting each and every person's health record. The suggested encryption standards have a centric view on multiple data that divides the users into multiple domains, which in turn reduces the complexity of key management for both users and owners. A high level of privacy is provided by exploiting the multi-authority encryption method. This also governs dynamic change in access policies and also supports efficient user revocation in emergency situations. The experimental results help in demonstrating the scalability and efficiency of the proposed method.

Keywords: Health records; Cloud provider; Third party services; Attribute-based encryption; Multi authority encryption; Privacy

  • Research Article
  • Cite count: 37
  • 10.1016/j.comnet.2021.108029
Making MA-ABE fully accountable: A blockchain-based approach for secure digital right management
  • Mar 20, 2021
  • Computer Networks
  • Yiming Hei + 5 more

  • Conference Article
  • Cite count: 17
  • 10.1109/edge.2019.00032
Multi Authority Access Control in a Cloud EHR System with MA-ABE
  • Jul 1, 2019
  • Sharad Dixit + 2 more

With the rapid adoption of Cloud-based Electronic Health Record (EHR) systems, health providers are particularly concerned about managing data privacy on the cloud. Existing approaches have either a scalability bottleneck by requiring that patients approve each sharing of their medical data or a trust bottleneck by having a single authority control every access thereby creating the problem of a single point of attack. To address both these bottlenecks, we have developed a novel framework that enables policy based multi-authority access authorization to EHR systems accessed by multiple care providers from different locations or organizations. This framework, which resides on the Edge, has been built using the Multi-Authority Attribute Based Encryption (MA-ABE) and Semantic Web technologies to provide a secure, semantically rich approach to facilitate secure data sharing among organizations who manage different attributes of end users using a shared dataset. In this paper, we describe our novel approach along with the proof of concept prototype that we created to evaluate our framework.

  • Conference Article
  • Cite count: 4
  • 10.1109/bigdatasecurityhpscids54978.2022.00012
Semantically Rich Access Control in Cloud EHR Systems Based on MA-ABE
  • May 1, 2022
  • Sharad Dixit + 3 more

With the rapid implementation of Cloud-based Electronic Health Record (EHR) systems, health providers are specifically concerned about handling data privacy on the cloud. Existing methods have either scalability issues by requiring that patients grant access to their medical data or a trust issue by having a single authority, thereby creating the problem of a single point of attack. Hence there is a need to develop an EHR system that addresses these bottlenecks for safe, secure, and easy cloud-based EHR management. To address these bottlenecks, we have developed a novel framework that allows policy-based multi-authority access permission to Electronic Health Record systems used by multiple care providers from various places or organizations. This framework, residing on the Edge, has been built using the Multi-Authority Attribute Based Encryption (MA-ABE) and Semantic Web technologies to provide a safe, semantically rich approach to facilitate secure data sharing among organizations who manage different attributes of end-users using a shared dataset. This paper describes our novel approach and the proof of concept prototype that we created to evaluate our framework.

  • Book Chapter
  • Cite count: 1
  • 10.1007/978-981-19-5209-8_8
Blockchain Access Control Scheme Based on Multi-authority Attribute-Based Encryption
  • Jan 1, 2022
  • Yang Li + 4 more

Blockchain has been widely used in many fields because it can solve the problem of information asymmetry and enable users who do not trust each other to collaborate without the participation of third-party intermediaries. Existing blockchain access control schemes usually use attribute-based encryption, but most of them adopt traditional single-attribute authority for attribute authorization, which has the problem that the authority is overburdened and must be fully credible. This paper proposes a blockchain access control scheme based on multi-authority attribute-based encryption by improving the existing blockchain privacy protection method. Autonomous identity management is performed through the blockchain to complete the initialization of user identity and the issuance of attribute certificates. Attribute authorities are selected using the reputation proof consensus mechanism. The distributed key generation protocol is used to generate keys, and the linear secret sharing scheme is improved. The hierarchical relationship of the access structure is used to encrypt and access control the private data that need to be uploaded to the blockchain. According to the comparison with other blockchain access control schemes, the scheme proposed in this paper has been improved in terms of security and efficiency.

Keywords: Access control; Blockchain; Attribute-based encryption; Multi-authority

  • Book Chapter
  • Cite count: 30
  • 10.1007/978-3-031-22318-1_23
Multi-authority ABE from Lattices Without Random Oracles
  • Jan 1, 2022
  • Brent Waters + 2 more

Attribute-based encryption (ABE) extends public-key encryption to enable fine-grained control to encrypted data. However, this comes at the cost of needing a central trusted authority to issue decryption keys. A multi-authority ABE (MA-ABE) scheme decentralizes ABE and allows anyone to serve as an authority. Existing constructions of MA-ABE only achieve security in the random oracle model. In this work, we develop new techniques for constructing MA-ABE for the class of subset policies (which captures policies such as conjunctions and DNF formulas) whose security can be based in the plain model without random oracles. We achieve this by relying on the recently-proposed “evasive” learning with errors (LWE) assumption by Wee (EUROCRYPT 2022) and Tsabary (CRYPTO 2022). Along the way, we also provide a modular view of the MA-ABE scheme for DNF formulas by Datta et al. (EUROCRYPT 2021) in the random oracle model. We formalize this via a general version of a related-trapdoor LWE assumption by Brakerski and Vaikuntanathan (ITCS 2022), which can in turn be reduced to the plain LWE assumption. As a corollary, we also obtain an MA-ABE scheme for subset policies from plain LWE with a polynomial modulus-to-noise ratio in the random oracle model. This improves upon the Datta et al. construction which relied on LWE with a sub-exponential modulus-to-noise ratio. Moreover, we are optimistic that the generalized related-trapdoor LWE assumption will also be useful for analyzing the security of other lattice-based constructions.

  • Research Article
  • Cite count: 24
  • 10.1109/access.2021.3070907
Secure Efficient Revocable Large Universe Multi-Authority Attribute-Based Encryption for Cloud-Aided IoT
  • Jan 1, 2021
  • IEEE Access
  • Kaiqing Huang

With the help of cloud computing, the ubiquitous and diversified Internet of things (IoT) has greatly improved human society. Revocable multi-authority attribute-based encryption (MA-ABE) is considered a promising technique to solve the security challenges on data access control in the dynamic IoT since it can achieve dynamic access control over the encrypted data. However, on the one hand, the existing revocable large universe MA-ABE suffers from the collusion attack launched by revoked users and non-revoked users. On the other hand, the user collusion avoidance revocable MA-ABE schemes do not support a large attribute (or user) universe, i.e. a flexible number of attributes (or users). In this article, the author proposes an efficient revocable large universe MA-ABE based on prime order bilinear groups. The proposed scheme supports user-attribute revocation, i.e., the revoked user only loses one or more attributes, and she/he can access the data so long as her/his remaining attributes satisfy the access policy. It is statically secure in the random oracle model under the q-DPBDHE2 assumption. Moreover, it is secure against the collusion attack launched by revoked users and non-revoked users. Meanwhile, it meets the requirements of forward and backward security. The limited-resource users can choose outsourcing decryption to save resources. The performance analysis results indicate that it is suitable for large-scale cross-domain collaboration in the dynamic cloud-aided IoT.

  • Conference Article
  • Cite count: 31
  • 10.1109/rivf48685.2020.9140747
B-Box - A Decentralized Storage System Using IPFS, Attributed-based Encryption, and Blockchain
  • Jul 17, 2020
  • Van-Duy Pham + 6 more

In recent years, centralized storage systems have been extensively adopted by many companies, organizations, and individuals for storing and sharing data. These systems, however, raise concerns for users about a single point of failure and the involvement of a centralized entity or third party. Therefore, there is a need for developing decentralized storage systems to overcome the drawbacks of the traditional approach. In order to enhance the secure and transparent characteristics of decentralized storage systems, in this paper, we present a combination of IPFS (InterPlanetary File System), ABE (Attribute-based Encryption), Multi-Authority ABE (MA-ABE), and Ethereum blockchain. In particular, we facilitate the advantages of the IPFS network to store users' data in a distributed manner. Furthermore, we make use of MA-ABE to encrypt a document which a user needs to share among multiple organizations. The hash returned by the IPFS network will be stored in the Ethereum blockchain network to provide trustworthiness for all users participating in our system. To the best of our knowledge, it is the first storage system using IPFS, ABE, MA-ABE, and blockchain technologies together to ensure decentralized, secure, and transparent characteristics for storing and sharing data.

  • Research Article
  • Cite count: 31
  • 10.1109/jsyst.2022.3208149
Multiauthority Attribute-Based Encryption for Assuring Data Deletion
  • Jun 1, 2023
  • IEEE Systems Journal
  • Jiguo Li + 6 more

In order to alleviate the key escrow issue, the notion of multiauthority attribute-based encryption (MA-ABE) was presented, which was widely applied in the cloud storage environment. In a data sharing environment, secure data deletion is a very crucial and challenging issue. Hence, in this article, we concentrate on verification of the data deletion operation, i.e., assuring data deletion. To solve this problem, we put forward a system model, formal definition and security model of MA-ABE for assuring data deletion. Furthermore, we design an MA-ABE scheme for assuring data deletion, which is more practicable than the single authority ABE scheme. The designed scheme not only overcomes the key escrow issue, but also resists collusion attacks between a malicious user and an unauthorized user. In addition, our scheme utilizes a Merkle hash tree to obtain verifiable data deletion. Based on the decisional bilinear Diffie-Hellman (DBDH) assumption, the scheme is proven to be secure under the selective-policy model. The experimental result indicates that the designed scheme is efficient for practical application.

  • Research Article
  • Cite count: 64
  • 10.1109/tnsm.2022.3186006
A Hybrid Blockchain-Edge Architecture for Electronic Health Record Management With Attribute-Based Cryptographic Mechanisms
  • Jun 1, 2023
  • IEEE Transactions on Network and Service Management
  • Hao Guo + 3 more

This paper presents a hybrid blockchain-edge architecture for managing Electronic Health Records (EHRs) with attribute-based cryptographic mechanisms. The architecture introduces a novel attribute-based signature aggregation (ABSA) scheme and multi-authority attribute-based encryption (MA-ABE) integrated with Paillier homomorphic encryption (HE) to protect patients’ anonymity and safeguard their EHRs. All the EHR activities and access control events are recorded permanently as blockchain transactions. We develop the ABSA module on Hyperledger Ursa cryptography library, MA-ABE module on OpenABE toolset, and blockchain network on Hyperledger Fabric. We measure the execution time of ABSA’s signing and verification functions, MA-ABE with different access policies and homomorphic encryption schemes, and compare the results with other existing blockchain-based EHR systems. We validate the access activities and authentication events recorded in blockchain transactions and evaluate the transaction throughput and latency using Hyperledger Caliper. The results show that the performance meets real-world scenarios’ requirements while safeguarding EHR and is robust against unauthorized retrievals.