Efficient Fine-grained Access Control Research Articles

TRE-DSP: A traceable and revocable CP-ABE based data sharing scheme for IoV with partially hidden policy

With the popularity of the Internet of Vehicles (IoV), a large amount of data is being generated every day. How to securely share data between the IoV operator and various value-added service providers becomes one of the critical issues. Due to its flexible and efficient fine-grained access control feature, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is suitable for data sharing in IoV. However, there are many flaws in most existing CP-ABE schemes, such as attribute privacy leakage and key misuse. This paper proposes a traceable and revocable CP-ABE-based data sharing with partially hidden policy for IoV (TRE-DSP). A partially hidden access structure is adopted to hide sensitive user attribute values, and attribute categories are sent along with the ciphertext to effectively avoid privacy exposure. In addition, key tracking and malicious user revocation are introduced with broadcast encryption to prevent key misuse. Since the main computation task is outsourced to the cloud, the burden of the user side is relatively low. Analysis of security and performance demonstrates that TRE-DSP is more secure and practical for data sharing in IoV.

A Stronger Secure Ciphertext Fingerprint-Based Commitment Scheme for Robuster Verifiable OD-CP-ABE in IMCC

Outsourced Decryption Attribute-based Encryption (OD-ABE) is emerging as a promising cryptographic tool to provide efficient fine-grained access control for data accessing and sharing in cloud-assisted Intelligent Internet of Mobile Things (IIoMT). Decryption verification is an essential property of OD-ABE to enable the mobile user to verify the precision of the decryption data. Unfortunately, the most representative verification (commitment) algorithms have various security flaws. In this paper, we first indicate that the two state-of-art key-based commitment schemes are vulnerable to “Commitment Extract(Decrypt)-then-Reuse Attack” and “Commitment Impersonation Attack” which demolish the unforgeability of the commitment. Then to cover all the existing attacks to commitment algorithms, we re-define a robuster verifiable security model for verifiable OD-ABE. Subsequently, we invent a ciphertext fingerprint (CTfp) based commitment scheme and give rigorous proof to the proposed commitment scheme including binding, hiding, unforgeability, and non-repudiation (traceability) in the random oracle. Next, we apply our CTfp-based commitment to the widely used OD-ABE schemes to provide them robuster verifiability. Finally, the theoretical comparison and simulation experiments are presented to show our new type of commitment algorithm is more secure and practical.

VFIRM: Verifiable Fine-Grained Encrypted Image Retrieval in Multi-Owner Multi-User Settings

To ensure the security of images outsourced to the malicious cloud without affecting searchability on such outsourced (typically encrypted) images, one could use privacy-preserving Content-Based Image Retrieval (CBIR) primitive. However, conventional privacy-preserving CBIR schemes based on Searchable Symmetric Encryption (SSE) are not capable of supporting efficient fine-grained access control and result verification simultaneously. Therefore, in this article, we propose a <u>V</u> erifiable <u>F</u> ine-grained encrypted <u>I</u> mage <u>R</u> etrieval scheme in the <u>M</u> ulti-owner multi-user settings (VFIRM). VFIRM first utilizes a novel polynomial-based access strategy to provide efficient fine-grained access control. Then, it employs the dual secure <inline-formula><tex-math notation="LaTeX">$k$</tex-math></inline-formula> -nearest neighbor technique to distribute distinct keys to different data owners and data users, and finally implements an adapted homomorphic MAC technique to check the correctness of search results. Our formal security analysis shows that VFIRM is non-adaptive semantic secure if the client's search key is generated randomly and keeps in secret. Our empirical experiments using two real-world datasets (i.e., Caltech101 and Corel5k) demonstrate the practicality of VFIRM.

A fully flexible key delegation mechanism with efficient fine-grained access control in CP-ABE

A fully flexible key delegation mechanism with efficient fine-grained access control in CP-ABE

SCD2: Secure Content Delivery and Deduplication With Multiple Content Providers in Information Centric Networking

As one of the promising next generation network architectures, information centric networking (ICN) is highly anticipated to improve the bandwidth usage of the Internet and reduce duplicate traffic. Since contents in ICN are disseminated in the whole network, ICN is much more vulnerable and the issue of how to deliver contents securely has been intensively discussed. However, the scalability of the existing schemes is limited. A scalable scheme is expected to be able to achieve fine-grained access control and at the same time also support multiple content providers scenario with efficient key management at user side. Besides, different content providers may publish some identical contents and these contents may be cached in the same intermediate routers, which causes high data redundancy and in turn exerts an adverse impact on the performance of ICN. In this paper, we propose a Secure Content Delivery and Deduplication scheme, called SCD2, to achieve secure and efficient fine-grained access control in ICN with multiple content providers. We first propose a scalable key-policy attribute-based encryption (SKP-ABE) to provide fine-grained access control and allow different attribute authorities to share some public attributes to simplify the key management. Furthermore, based on SKP-ABE, we design a simple but effective mechanism to conduct content deduplication. Finally, we implement a prototype of SCD2 to test its performance and compare it with some existing schemes. The results show that SCD2 has lower storage overhead, a higher degree of deduplication, and better retrieval efficiency.

Towards Efficient Fine-Grained Access Control and Trustworthy Data Processing for Remote Monitoring Services in IoT

As an important application of the Internet of Things, many remote monitoring systems adopt a device-to-cloud network paradigm. In a remote patient monitoring case, various resource-constrained devices are used to measure the health conditions of a target patient in a distant non-clinical environment and the collected data are sent to the cloud backend of an authorized health care service for processing and decision making. As the measurements involve private patient information, access control and trustworthy processing of the confidential data become very important. Software-based solutions that adopt advanced cryptographic tools, such as attribute-based encryption and fully homomorphic encryption, can address the problem, but they also impose substantial computation overhead on both client and server sides. In this paper, we deviate from the conventional software-based solutions and propose a secure and efficient remote monitoring framework, called SRM, using the latest hardware-based trustworthy computing technology, such as Intel SGX. In addition, we present a robust and lightweight “heartbeat” protocol to handle notoriously difficult key revocation problem. We implemented a prototype of the framework for SRM and show that SRM can protect user data privacy against unauthorized parties, with minimum performance cost compared to existing software-based solutions.

Efficient Attribute-Based Data Sharing Scheme with Hidden Access Structures

AbstractOnline data sharing has become a research hotspot while cloud computing is getting more and more popular. As a promising encryption technique to guarantee the security shared data and to realize flexible fine-grained access control, ciphertext-policy attribute-based encryption (CP-ABE) has drawn wide attentions. However, there is a drawback preventing CP-ABE from being applied to cloud applications. In CP-ABE, the access structure is included in the ciphertext, and it may disclose user’s privacy. In this paper, we find a more efficient method to connect ABE with inner product encryption and adopt several techniques to ensure the expressiveness of access structure, the efficiency and security of our scheme. We are the first to present a secure, efficient fine-grained access control scheme with hidden access structure, the access structure can be expressed as AND-gates on multi-valued attributes with wildcard. We conceal the entire attribute instead of only its values in the access structure. Besides, our scheme has obvious advantages in efficiency compared with related schemes. Our scheme can make data sharing secure and efficient, which can be verified from the analysis of security and performance.

Secure Fine-Grained Access Control and Data Sharing for Dynamic Groups in the Cloud

Cloud computing is an emerging computing paradigm that enables users to store their data in a cloud server to enjoy scalable and on-demand services. Nevertheless, it also brings many security issues, since cloud service providers (CSPs) are not in the same trusted domain as users. To protect data privacy against untrusted CSPs, existing solutions apply cryptographic methods (e.g., encryption mechanisms) and provide decryption keys only to authorized users. However, sharing cloud data among authorized users at a fine-grained level is still a challenging issue, especially when dealing with dynamic user groups. In this paper, we propose a secure and efficient fine-grained access control and data sharing scheme for dynamic user groups by: 1) defining and enforcing access policies based on the attributes of the data; 2) permitting the key generation center to efficiently update user credentials for dynamic user groups; and 3) allowing some expensive computation tasks to be performed by untrusted CSPs without requiring any delegation key. Specifically, we first design an efficient revocable attribute-based encryption (ABE) scheme with the property of ciphertext delegation by exploiting and uniquely combining techniques of identity-based encryption, ABE, subset-cover framework, and ciphertext encoding mechanism. We then present a fine-grained access control and data sharing system for on-demand services with dynamic user groups in the cloud. The experimental data show that our proposed scheme is more efficient and scalable than the state-of-the-art solution.

An efficient fine-grained access control scheme for hierarchical wireless sensor networks

An efficient fine-grained access control scheme for hierarchical wireless sensor networks