Abstract

Cryptographic cloud storage (CCS) is a secure architecture built in the upper layer of a public cloud infrastructure. In the CCS system, a user can define and manage the access control of the data by himself without the help of cloud storage service provider. The ciphertext-policy attribute-based encryption (CP-ABE) is considered as the critical technology to implement such access control. However, there still exists a large security obstacle to the implementation of CP-ABE in CCS. That is, how to identify the malicious cloud user who illegally shares his private keys with others or applies his keys to construct a decryption device/black-box, and provides the decryption service. Although several CP-ABE schemes with black-box traceability have been proposed to address the problem, most of them are not practical in CCS systems, due to the absence of scalability and expensive computation cost, especially the cost of tracing. Thus, we present a new black-box traceable CP-ABE scheme that is scalable and high efficient. To achieve a much better performance, our work is designed on the prime order bilinear groups that results in a great improvement in the efficiency of group operations, and the cost of tracing is reduced greatly to O ( N ) or O ( 1 ) , where N is the number of users of a system. Furthermore, our scheme is proved secure in a selective standard model. To the best of our knowledge, this work is the first such practical and provably secure CP-ABE scheme for CCS, which is black-box traceable.

Highlights

  • Public cloud storage enables the users to store their huge data in a professional storage service platform with a relatively cheap cost

  • Unlike in the distributed system such as P2P grid, whose trust model is usually constructed in a special model, in a traditional centralized cloud storage system, users have to trust the cloud service provider (CSP) completely, because the data stored in cloud is completely under the control of CSP

  • A decryption black-box D, which is associated with the attribute set SD, can decrypt CT and outputs the correct message M, if the access structure of CT can be satisfied by SD, otherwise, it outputs ⊥

Read more

Summary

Introduction

Public cloud storage enables the users to store their huge data in a professional storage service platform with a relatively cheap cost. To implement a CP-ABE scheme in CCS, there is still an important security issue need to be solved in CP-ABE, that is, how to effectively identify the malicious user who illegally shares his access privilege with others. The problem may include two factors: (1) Leaking private keys to unauthorized users, and (2) constructing a decryption device/black-box to share privileges with others. Instead of the standard model, a generic group model [16], which is an artificial model based on the assumption that for performing any group operations the adversary has to access an oracle, is applied to prove the security of the scheme. Motivated by seeking a practical and secure CP-ABE scheme for the efficient implementation of access control in CCS, we design a new black-box traceable scheme. Provable security: The scheme is proved to be secure under a selective standard model while acquires a high efficiency similar to the scheme of [15]

Related Work
Background
Access Structures
Bilinear Groups
Complexity Assumption
CP-ABE Definition and Security Model
Selective Security Model for CP-ABE
Traceability for CP-ABE
Security Model for Compulsory Traceability
Our Construction
Concrete Construction
Traceability
Theoretical Analysis of Performance
Performance Measurements
Security Proof
Findings
Conclusions

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.