Multi-authority Ciphertext-policy Attribute-based Encryption Research Articles

An enhanced traceable access control scheme based on multi-authority CP-ABE for cloud-assisted e-health system

Due to the inherent openness of the Internet of Things (IoT), e-health systems that utilize this technology on a broad scale are susceptible to network attacks. The propose black and white box traceable multi-authority ciphertext policy attribute-based encryption scheme (BWMABE) that combines black and white box accountability with ciphertext policy attribute-based encryption (CP-ABE) to improve data security in e-health systems. The proposed BWMABE scheme enhances security by enabling traceable permissions leakage and employs distributed attribute and key management across multiple authorities. By outsourcing the decryption process to cloud service providers, the proposed BWMABE significantly reduces the computational burden on end-users, making it suitable for lightweight IoT devices with limited computing power. Compared to previous traceable CP-ABE methods, the proposed BWMABE requires less computational effort while supporting both black box and white box traceability. By means of thorough security analysis and performance assessment, the proposed BWMABE has been validated to provide robust security and high efficiency, demonstrating its effectiveness in protecting e-health systems.

Performance analysis of the proxy-based and collusion-resistant revocable CPABE framework

Performance analysis of the proxy-based and collusion-resistant revocable CPABE framework

Lattice-based multi-authority ciphertext-policy attribute-based searchable encryption with attribute revocation for cloud storage

Multi-authority attribute-based searchable encryption (MABSE) is an flexible and efficient way to securely share and search encrypted data. Compared with single-authority systems, MABSE has more complex access control policies and key management mechanism. However, most existing MABSE schemes rely on traditional number-theoretic assumptions, which maybe vulnerable to attack in the era of quantum-computers. Besides, the effective revocation of user attributes is also crucial in searchable encryption. To overcome these challenges, this paper proposes a new multi-authority ciphertext-policy attribute-based searchable encryption scheme for securely sharing encrypted data in the cloud. By calling Shamir’s threshold secret-sharing technology twice, we achieve co-management of the master key by attribute authorities and interactive generation of user private keys. Furthermore, the KUNodes algorithm is employed for attribute revocation, offering a mechanism to update private keys for non-revoked users. Compared to other schemes, MCP-ABSE-AR introduces multiple attribute authorities responsible for managing user attributes collectively. Additionally, it provides functionalities for keyword searching and attribute revocation. Finally, the proposed scheme is proved to be semantically secure under the decision learning with errors problem in the standard model.

BDAE: A Blockchain-Based and Decentralized Attribute-Based Encryption Scheme for Secure Data Sharing

Ciphertext-policy attribute-based encryption (CP-ABE) is widely employed for secure data sharing and access control. However, its dependence on a single authority introduces security and performance challenges. Despite the existence of multi-authority CP-ABE approaches, persistent issues such as single points of failure and high computation cost on the user side remain. This study proposes a novel solution named blockchain-based and decentralized attribute-based encryption (BDAE) for data sharing. BDAE enhances traditional scheme by integrating blockchain and distributed key generation technology. The scheme employs an (n, t) threshold secret sharing algorithm, coupled with the Pedersen verifiable secret sharing method, for attribute key generation. This combination ensures key credibility, facilitates joint attribute management, and addresses single bottleneck and key verification issues. Integrated into a blockchain system, the scheme utilizes smart contracts for fine-grained access control and outsourced computing. Blockchain's decentralization and access logs make data sharing tamper-resistant and auditable. Moreover, simulation comparisons demonstrate that the scheme effectively reduces decryption overhead on the user side, meeting practical application requirements.

A blockchain-enabled decentralized access control scheme using multi-authority attribute-based encryption for edge-assisted Internet of Things

More edge users opt to use Internet of Things (IoT) devices to collect their data (e.g., health data, social data, e-governance data, etc.), which are stored in central cloud service providers (CSPs). However, this compromises data privacy and creates issues with collusion attacks. Current ciphertext-policy attribute-based encryption (CP-ABE) schemes with and without blockchain have only partially addressed these issues. Ongoing challenges remain to be resolved, including large-universe attribute management, secret key verification, and malicious attribute authorities (AAs) tracking. Therefore, we propose a decentralized access control scheme (namely BLUMA-CPABE) integrating blockchain with multi-authority ciphertext-policy attribute-based encryption (MA-CP-ABE). The scheme not only supports large-universe, policy hiding, and AAs tracking, but it also utilizes on- and off-chain mechanisms to alleviate the computation burden of the blockchain. In addition, we develop a verifiable key distribution approach in which AAs are configured as blockchain consensus nodes capable of issuing, signing, validating, and disseminating secret keys as transactions on-chain. It guarantees the keys’ security and reliability. To incentivize authorities to control newly added attributes proactively for large-universe, we enhance the Proof-of-Authority (called PoA＋) consensus mechanism in multi-authority scenarios. It allows authorities to take turns proposing and confirming new blocks based on three contribution indicators: attribute management contribution, data decryption contribution, and block validation gain. The proposed scheme is proven statically secure while resisting collusion attacks. The experimental results demonstrate the feasibility and efficiency of our scheme.

A decentralized multi-authority CP-ABE scheme from LWE

As a cryptographic primitive supporting finer and richer access control, attribute-based encryption can provide more efficient, concise, secure and highly adaptive access control policies for cloud data, which has attracted the attention of many researchers. However, in a standard ABE scheme, the key can only be generated and issued by a central authority. The single authorization center has a heavy load and is vulnerable to attack. Once the center is paralyzed, it will bring serious security consequences. Multi-authorization center attribute encryption (MA-ABE) allows multiple parties to play an authoritative role, which can solve this problem.In this paper, we propose a MA-ABE scheme, which combines a global ID model, a two-stage sampling technique on a lattice and a monotonous linear secret sharing schemes (M-LSSS) to achieve a static security against arbitrary collusion in the random oracle model, in which the access policy of the scheme is expressed by DNF formula. Technically, our scheme is an improvement on the work of Datta et al. (2021), through this improvement, we can get shorter ciphertext and smaller key size.

Ensuring Privacy in Wireless Channels with Physical Layer Security: A Survey of Encryption Strategies

This paper reviews various encryption strategies designed to enhance privacy in wireless communication, with a focus on leveraging physical layer security. Exploring techniques that utilize inherent wireless channel features for secure communication, the survey presents the strengths and challenges of each method. The aim is to provide a straightforward overview for researchers, practitioners, and decision-makers, about the evolving landscape of encryption methods in wireless channels for improved privacy. Furthermore, it discusses how these physical layer key generation techniques can be integrated with advanced technologies by providing a suggested model by combining the Machine learning and the Multi authority ciphertext-policy attribute-based encryption (CP-ABE) to ensure privacy in wireless channels.

Robust, revocable, forward and backward adaptively secure attribute-based encryption with outsourced decryption1

Attribute based encryption (ABE) is a cryptographic technique allowing fine-grained access control by enabling one-to-many encryption. Existing ABE constructions suffer from at least one of the following limitations. First, single point of failure on security meaning that, once an authority is compromised, an adversary can either easily break the confidentiality of the encrypted data or effortlessly prevent legitimate users from accessing data; second, the lack of user and/or attribute revocation mechanism achieving forward and backward secrecy; third, a heavy computation workload is placed on data user; last but not least, the lack of adaptive security in standard models. In this paper, we propose the first single-point-of-failure free multi-authority ciphertext-policy ABE that simultaneously (1) ensures robustness for both decryption key issuing and access revocation while achieving both backward and forward secrecy; (2) enables outsourced decryption to reduce the decryption overhead for data users that have limited computational resources; and (3) achieves adaptive (full) security in standard models. The provided theoretical complexity comparison as well as the conducted experiments show that our construction introduces linear storage and computation overheads that occurs only once during its setup phase, which we believe to be a reasonable price to pay to achieve all previous features.

A Policy-Hiding Attribute-Based Access Control Scheme in Decentralized Trust Management

Internet of Medical Things (IoMT) technologies significantly improve the quality of health care, especially at the time when COVID-19 is becoming a worldwide pandemic. Due to the complexity of devices and user nodes in the IoMT system, there should be some ways to ensure the security and quality of the service or information. Decentralized trust management techniques are efficient means of promoting application security and reliability in these cases. However, the majority of currently utilized access control schemes cannot be applied in decentralized trust management systems or perform poorly owing to the numerous restrictions of decentralized systems. In this paper, we present a policy-hiding and multi-authority key generation CP-ABE scheme (PM-CPABE) for decentralized trust management systems, which could provide fine-grained access control capabilities. Meanwhile, the proposed scheme does not require any fully trusted entity, thus it can be well adapted to decentralized trust management systems. The scheme also implements policy hiding to protect user privacy. In addition, it supports large universe and outsourced decryption. The security analyses and performance comparisons give evidence of our scheme is security and efficient.

Multiauthority Ciphertext Policy-Attribute-Based Encryption (MA-CP-ABE) with Revocation and Computation Outsourcing for Resource-Constraint Devices

Fog computing accredits by utilizing the network edge while still rendering the possibility to interact with the cloud. Nevertheless, the features of fog computing are encountering several security challenges. The security of end users and/or fog servers brings a significant dilemma in implementing fog computing. The computational power of the resources constrains Internet of Things (IoT) devices in the fog-computing environment. Therefore, an attacker can easily attack. The traditional methods like attribute-based encryption (ABE) techniques are inappropriate for resource-constraint devices with protracted computing and limited computational capabilities. In this regard, we investigate a multiauthority ciphertext policy-attribute-based encryption (MA-CP-ABE) method that enables multiauthority attribute revocation and computation outsourcing. Moreover, the encryption and decryption processes of resource-constraint IoT devices are outsourced to the fog nodes. In this way, it also reduces the computational burden of the resource-constraint IoT devices. Hence, we propose MA-CP-ABE for encryption and decryption, attribute revocation and outsourcing by reducing the computational burden and securing the system. We compare the computational offloading approach with the existing techniques to prove that the proposed approach outperforms the existing approaches. The proposed method reduces the operation time for the encryption and decryption process. We outsource cryptography operations to the fog node, reducing the end user’s computational cost. Eventually, simulated outcomes are used to assess the algorithm’s computational cost.

Online/Offline MA-CP-ABE with Cryptographic Reverse Firewalls for IoT

Devices in the Internet of Things (IoT) usually use cloud storage and cloud computing to save storage and computing cost. Therefore, the efficient realization of one-to-many communication of data on the premise of ensuring the security of cloud storage data is a challenge. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) can not only protect the security of data in the cloud and achieve one-to-many communication but also achieve fine-grained access control for data. However, the single-authority CP-ABE faces the crisis of single point of failure. In order to improve security, the Multi-Authority CP-ABE (MA-CP-ABE) is adopted. Although there are provably-secure MA-CP-ABE schemes, Edward Snowden's research shows that provably-secure cryptographic schemes are vulnerable to backdoor attacks, resulting in secret disclosure, and thus threatening security. In addition, ABE requires huge computational overhead in key generation, encryption and decryption, which increase with the increase in the number of attributes and the complexity of the access structure, and there are a large number of resource-constrained devices in the IoT. To mitigate this issue, we construct the Online/Offline MA-CP-ABE with Cryptographic Reverse Firewalls (OO-MA-CP-ABE-CRFs) scheme. This scheme not only uses Cryptographic Reverse Firewall (CRF) to resist backdoor attacks but also uses online/offline key generation, online/offline encryption and outsourcing encryption technology to optimize the efficiency of the MA-CP-ABE scheme with reverse firewall, reducing the storage and computing cost of users. Finally, the security of the OO-MA-CP-ABE-CRFs scheme is proved, and the experimental results indicate that the scheme is efficient and practical.

Fine-grained access control of files stored in cloud storage with traceable and revocable multi-authority CP-ABE scheme

Fine-grained access control of files stored in cloud storage with traceable and revocable multi-authority CP-ABE scheme

Fine-grained access control of files stored in cloud storage with traceable and revocable multi-authority CP-ABE scheme

Fine-grained access control of files stored in cloud storage with traceable and revocable multi-authority CP-ABE scheme

Outsourcing multiauthority access control revocation and computations over medical data to mobile cloud

With recent advances in cloud computing, mobile devices are increasingly being used to record patient physiological parameters, and transfer them to a cloud-based hospital information system, for access control mediation over a variety of stakeholders. In such a cloud-based architecture, the patient must specify an access policy for a group of authorized parties towards its outsourced data. Multiauthority ciphertext-policy attribute-based encryption (CP-ABE) was provided as an innovative cloud-based access control cryptographic primitive to tackle the key escrow issue in a centralized architecture, and boost flexibility through cross-domain attributes management. Existing works, however, still have glaring drawbacks. First, they still rely on a trusted authority to generate and distribute user secret keys. Second, they do not simultaneously provide encryption, decryption, or revocation outsourcing, resulting in high processing and communication cost for both the data sender and the data receiver. Third, they do not support both user and attribute revocation, and the integrity of ciphertext downloaded from the cloud is not always verified at the user end. As a result, this paper exploits the dummy attribute technique and introduces a novel, efficient, and secure multiauthority ciphertext-policy ABE method for mediating access control over medical data, in the mobile cloud. The ciphertext access policy enforcement, partial ciphertext decryption, and both the user and attribute indirect revocation updates are safely outsourced to the cloud server in this study. Theoretical analysis demonstrates that our scheme is efficient and verifiable, and we prove that our construction is secure under the decisional bilinear Diffie-Hellman assumption.

RMA-CPABE : A multi-authority CPABE scheme with reduced ciphertext size for IoT devices

Internet of Things (IoT) generates a massive amount of data, which can be prone to huge data and privacy leaks unless given a proper access control. Ciphertext-policy attribute-based encryption (CP-ABE) is a well-known cryptographic mechanism that provides confidentiality and fine-grained access to stored data. In CP-ABE, a single trusted authority primarily handles attribute management and its revocation. However, in an environment like IoT, due to its heterogeneous nature, the attributes from multiple domains are evidently inherited by IoT devices and hence develop a need for a multi-authority scheme. Therefore, this paper proposes a novel multi-authority CP-ABE scheme with reduced-size ciphertext (RMA-CPABE) to provide secure access in fog-enabled IoT applications with attributes from multiple domains. This scheme considers the resource-constrained nature of IoT devices and reduces the ciphertext size in the sense that the ciphertext size does not increase linearly with the number of attributes; instead, it increases linearly with the number of multi-domain attribute authorities involved in the policy building. RMA-CPABE supports highly required functionalities like attribute update and outsourced decryption to reduce the computation load on the end devices. Further, the proposed scheme is the first to eliminate the most expensive ciphertext update operation during attribute revocation and addition, which is the biggest drawback of most of the existing schemes. The end-user in RMA-CPABE requires holding only a constant size key to access the ciphertexts securely. The security analysis proves that the proposed scheme is secure against Chosen-Ciphertext Attack (CCA) under multiple augmented Multi-Sequence of Exponents Decisional Diffie Hellman (maMSE-DDH) assumptions. The performance analysis shows that RMA-CPABE is suitable for IoT applications.

Toward Secure and Privacy-Preserving Cloud Data Sharing: Online/Offline Multiauthority CP-ABE With Hidden Policy

The continuous development of cloud storage service technology, secure access control, and privacy issues have attracted more and more attention. The previous ciphertext policy attribute-based encryption (CP-ABE) schemes with the function of hidden policy are only suitable for a single authority, and the existing multiauthority CP-ABE schemes do not realize the hidden policy. In addition, a large number of schemes utilize AND gate access policies so that expressiveness is weak. In this article, a scheme of online/offline multiauthority CP-ABE supporting the policy hiding function is proposed. The proposed scheme uses a combination of multiple attribute authorities (AAs) and one central authority (CA). Each AA, respectively, controls different attribute sets and distributes attribute private keys to users. Moreover, the AA can also relieve the computation overhead of the CA. In order to enhance the expressiveness than that of the existing schemes, we adopt the access policy of the linear secret sharing scheme. In the previous schemes, the access policy is used as the ciphertext component and uploaded directly to the cloud server. Especially, in the scenario of medical cloud data sharing, access policy may contain sensitive information. Therefore, the proposed scheme preserves privacy information by realizing the technology of the hidden policy. To improve the performance, our scheme utilizes the online/offline encryption to achieve a low computation cost in the online phase. Additionally, we also proved that the proposed scheme is secure based on the standard model.

Multi authority Ciphertext-Policy Attribute-Based encryption for security enhancement in cloud storage unit

Multi Authority Ciphertext-Policy Attribute-Based Encryption (MCP-ABE) can be developed aimed at enabling efficient secure operation in this research. The proposed methodology is developed to achieve two main characteristics such as to avoid multiuser illegal share their private key and provide data owner to access the data and flexibility to change their access policy. The proposed methodology is providing high security of multi authority with different traceable and dynamic policy updating procedure. The proposed method is implemented in Java and analyzed with performance metrices such as key size, computation time and functionality. Compared to traditional cryptographic methods, attribute-based encryption has a number of benefits, including its adaptable and fine-grained control of access. Additionally, it is independent of key sharing and management methods that may protect against security attacks, a method of undermining encryption. The proposed methodology is protecting the users with different conditions such as data protection, fraud prevention, message detection and general attack resistance. To validate the performance of the proposed methodology, it can be contrasted with the conventional methods such as Ciphertext-Policy Attribute-Based Signcryption with Outsourced Designcryption (CP-OABSC) and revocable signature (CP-ABSC) with Ciphertext-Policy Attribute-Based Signcryption With Accountable and Verifiable Outsourced Designcryption (CP-ABSc-AVODs) respectively.

Revocable and Privacy-Preserving Decentralized Data Sharing Framework for Fog-Assisted Internet of Things

Fog-assisted Internet of Things (IoT) can outsource the massive data of resource-constraint IoT devices to cloud and fog nodes (FNs). Meanwhile, it enables convenient and low time-delay data-sharing services, which relies heavily on high security of data confidentiality and fine-grained access control. Many efforts have been focused on this urgent requirement by leveraging ciphertext-policy attribute-based encryption (CP-ABE). However, when deployed in fog-assisted IoT systems for secure data sharing, it remains a challenging problem of how to preserve attribute privacy of access policy, and trace-then-revoke traitors (i.e., malicious users intending to leak decryption keys for illegal profits) efficiently and securely in such a large scale and decentralized environment with resource-constraint user devices, especially in consideration of misbehaving cloud and FNs. Therefore, in this article, we propose a revocable and privacy-preserving decentralized data-sharing framework (RPDDSF) by designing a large universe and multiauthority CP-ABE scheme with fully hidden access policy for secure data sharing in IoT systems to achieve user attribute privacy preserving with unbounded attribute universe and key escrow resistance suitable for large scale and decentralized environment. Based on this, with RPDDSF, anyone can efficiently expose the traitors and punish them by forward/backward secure revocation. Besides, RPDDSF is able to guarantee data integrity for both data owners (DOs) and users to resist misbehaving cloud and FNs, alongwith low computation overhead for resource-constraint devices. Finally, RPDDSF is proven to be secure with detailed security proofs, and its high efficiency and feasibility are demonstrated by extensive performance evaluations.

Practical revocable and multi-authority CP-ABE scheme from RLWE for Cloud Computing

Cloud computing provides enterprises and individuals with unlimited computing resources and expandable storage space. However, data leakage occurs frequently due to the lack of protection measures in the cloud storage environment. Consequently, how to protect data security in the cloud has become a critical issue. Attribute-based encryption (ABE) is an emerging encryption technique, which protects sensitive information and provides access control for data stored in the cloud. However, most of existing ABE schemes cannot resist quantum attacks and lack the capability of implementing flexible revocation on user or attribute when the attributes of a user change, which hinders the practical application of ABE. In this research, we present a Revocable and Multi-authority ciphertext-policy attribute-based encryption (RM-CP-ABE) from the ring learning with errors (RLWE) assumption, which supports multi-authority and multi-valued attributes. The scheme allows multiple authorities to involve in key distribution, and achieves the attribute revocation when the user’s access rights change. Also, the scheme enjoys reasonable computational cost and storage overhead, and is proven selectively secure under the RLWE assumption. The simulation results indicate that the performance of the proposed scheme is acceptable for practical applications.

MACFI: A multi-authority access control scheme with efficient ciphertext and secret key size for fog-enhanced IoT

With the rapid development of Internet of things (IoT), the number of connected devices and the data generated by them are increasing dramatically. This led to the development of paradigm fog computing, which facilitates data analysis and processing at the edge. Along with fog, cloud co-exists to provide massive storage, processing resources, etc. However, data storage and computation at multiple levels raise the risk of data security. Ciphertext-policy attribute-based encryption (CP-ABE) is a well-known cryptographic technique for providing fine-grained access control. Unfortunately, the existing multi-authority CP-ABE schemes are incompatible with resource-limited IoT devices as the ciphertext and secret key size grow linearly with the number of attributes. Therefore, we propose a multi-authority CP-ABE scheme named MACFI, where the ciphertext and secret key size are efficient. The size of the secret key held by the user is constant irrespective of the number of attributes. And, the ciphertext size increases linearly with the number of authorities rather than the number of attributes. Further, expensive decryption operations are outsourced to fog, which reduces the computation overhead of data users. Additionally, the overall encryption and decryption time are highly efficient. According to security and performance analysis, MACFI is secure and suitable for IoT applications.