Abstract
Cryptographic cloud storage (CCS) is a secure architecture built in the upper layer of a public cloud infrastructure. In the CCS system, a user can define and manage the access control of the data by himself without the help of cloud storage service provider. The ciphertext-policy attribute-based encryption (CP-ABE) is considered as the critical technology to implement such access control. However, there still exists a large security obstacle to the implementation of CP-ABE in CCS. That is, how to identify the malicious cloud user who illegally shares his private keys with others or applies his keys to construct a decryption device/black-box, and provides the decryption service. Although several CP-ABE schemes with black-box traceability have been proposed to address the problem, most of them are not practical in CCS systems, due to the absence of scalability and expensive computation cost, especially the cost of tracing. Thus, we present a new black-box traceable CP-ABE scheme that is scalable and high efficient. To achieve a much better performance, our work is designed on the prime order bilinear groups that results in a great improvement in the efficiency of group operations, and the cost of tracing is reduced greatly to O ( N ) or O ( 1 ) , where N is the number of users of a system. Furthermore, our scheme is proved secure in a selective standard model. To the best of our knowledge, this work is the first such practical and provably secure CP-ABE scheme for CCS, which is black-box traceable.
Highlights
Public cloud storage enables the users to store their huge data in a professional storage service platform with a relatively cheap cost
Unlike in the distributed system such as P2P grid, whose trust model is usually constructed in a special model, in a traditional centralized cloud storage system, users have to trust the cloud service provider (CSP) completely, because the data stored in cloud is completely under the control of CSP
A decryption black-box D, which is associated with the attribute set SD, can decrypt CT and outputs the correct message M, if the access structure of CT can be satisfied by SD, otherwise, it outputs ⊥
Summary
Public cloud storage enables the users to store their huge data in a professional storage service platform with a relatively cheap cost. To implement a CP-ABE scheme in CCS, there is still an important security issue need to be solved in CP-ABE, that is, how to effectively identify the malicious user who illegally shares his access privilege with others. The problem may include two factors: (1) Leaking private keys to unauthorized users, and (2) constructing a decryption device/black-box to share privileges with others. Instead of the standard model, a generic group model [16], which is an artificial model based on the assumption that for performing any group operations the adversary has to access an oracle, is applied to prove the security of the scheme. Motivated by seeking a practical and secure CP-ABE scheme for the efficient implementation of access control in CCS, we design a new black-box traceable scheme. Provable security: The scheme is proved to be secure under a selective standard model while acquires a high efficiency similar to the scheme of [15]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
