Multi-authority Ciphertext-policy Attribute-based Encryption Research Articles

Authority revocation scheme for MA-CP-ABE-based secure communication in IoMT ecosystem

The proliferation of the internet of medical things (IoMT) is proving to be a disruptive technology in contemporary healthcare. However, given the sensitivity of the nature of data being shared in this system security, and privacy are critical issues. Attribute-based encryption is a proactive technique for efficient one-to-many data sharing. Specifically, multi-authority-ciphertext policy-attribute-based encryption (MA-CP-ABE) is a suitable method given the multi-stakeholder ecosystem of IoMT-based healthcare. In this work, conventional MA-CP-ABE techniques have been modified to address several existing security limitations. To the best of our knowledge, the proposed work is first to address fault tolerance in MA-CP-ABE, without any redundancy at attribute authority's level and to develop a mechanism for full and partial revocation of compromised authority. A non-monotonic fully hidden access structure further enhances the security of the scheme while efficiently performing encryption/decryption operations even for a large number of attributes, making it suitable for the secure sharing of IoMT data.

Blockchain-Based Digital Rights Management Scheme via Multiauthority Ciphertext-Policy Attribute-Based Encryption and Proxy Re-Encryption

In order to ensure the confidentiality of digital contents, improve the fairness of digital copyright transactions, and reduce the time and management overhead of digital copyright owners, we proposed a blockchain-based digital rights management scheme. First, we designed a new multiauthority ciphertext-policy attribute-based encryption (MA-CPABE) scheme and showed that the new MA-CPABE has the indistinguishability of plaintext under adaptively chosen plaintext attack (IND-CPA) security and good performance. By combining the MA-CPABE and proxy re-encryption, the rights owner can flexibly sell the copyright to different users with once encryption by an agent who cannot access any information related to digital content when changing the ciphertext access policy as required. By using the smart contract of Ethereum, a fair trade of the decryption keys between the rights owner and rights requester is implemented. In order to further improve fairness, another blockchain is used as a ledge to store information related to digital rights, which greatly reduces the storage overhead in public blockchain. Security analysis shows that our scheme can provide IND-CPA security, resist collusion attacks, and protect the user’s privacy. Performance analysis shows that our scheme can provide a wealth of features to meet the various needs of users. The simulation results show that our scheme is very efficient compared to other schemes.

A CP-ABE scheme based on multi-authority in hybrid clouds for mobile devices

With the rapid development of cloud computing, the ensuing security issues have become increasingly prominent. In this context, attribute-based encryption (ABE) has gradually attracted widespread attentions due to its unique attribute matching mechanism. At the same time, mobile devices have put forward higher requirements for the design and deployment of ABE schemes. Therefore, in this paper, we propose an original hybrid cloud multi-authority ciphertext-policy attribute-based encryption (HCMACP-ABE) scheme. Specifically, we utilize the LSSS (Linear Secret-Sharing Schemes) access structure to realize secure access control, while the private cloud is responsible for maintaining the user’s authorization list and verifying the user. Finally, we prove that our proposal achieves IND-CCA secure and is efficient in a mobile hybrid cloud environment.

Multiauthority Attribute-Based Encryption with Traceable and Dynamic Policy Updating

Ciphertext policy attribute-based encryption (CP-ABE) is an encryption mechanism that can provide fine-grained access control and adequate cloud storage security for Internet of Things (IoTs). In this field, the original CP-ABE scheme usually has only a single trusted authority, which will become a bottleneck in IoTs. In addition, different users may illegally share their private keys to obtain improper benefits. Besides, the data owners also require the flexibility to change their access policy. In this paper, we construct a multiauthority CP-ABE scheme on prime order groups over a large attribute universe. Our scheme can support white-box traceability along with policy updates to solve the abovementioned three problems and, thus, can fix the potential requirements of IoTs. More precisely, the proposed scheme supports multiple authority, white box traceability, large attribute domains, access policy updates, and high expressiveness. We prove that our designed scheme is static secure and traceable secure based on the state-of-the-art security models. Moreover, by theoretical comparison, our scheme has better performance than other schemes. Finally, extensive experimental comparisons show that our proposed algorithm can be better than the baseline algorithms.

Enabling Efficient Decentralized and Privacy Preserving Data Sharing in Mobile Cloud Computing

Mobile cloud computing (MCC) is embracing rapid development these days and able to provide data outsourcing and sharing services for cloud users with pervasively smart mobile devices. Although these services bring various conveniences, many security concerns such as illegally access and user privacy leakage are inflicted. Aiming to protect the security of cloud data sharing against unauthorized accesses, many studies have been conducted for fine‐grained access control using ciphertext‐policy attribute‐based encryption (CP‐ABE). However, a practical and secure data sharing scheme that simultaneously supports fine‐grained access control, large university, key escrow free, and privacy protection in MCC with expressive access policy, high efficiency, verifiability, and exculpability on resource‐limited mobile devices has not been fully explored yet. Therefore, we investigate the challenge and propose an Efficient and Multiauthority Large Universe Policy‐Hiding Data Sharing (EMA‐LUPHDS) scheme. In this scheme, we employ fully hidden policy to preserve the user privacy in access policy. To adapt to large scale and distributed MCC environment, we optimize multiauthority CP‐ABE to be compatible with large attribute universe. Meanwhile, for the efficiency purpose, online/offline and verifiable outsourced decryption techniques with exculpability are leveraged in our scheme. In the end, we demonstrate the flexibility and high efficiency of our proposal for data sharing in MCC by extensive performance evaluation.

PMTER-ABE: a practical multi-authority CP-ABE with traceability, revocation and outsourcing decryption for secure access control in cloud systems

Attribute-based encryption (ABE) has evolved as an efficient and secure method for storage of data with fine-grained access control in cloud platforms. In recent years, increasing diversification in the design of ABE schemes has led to significant research in the assimilation of properties like traceability, revocation, and outsourcing decryption. However, most of the recent ABE schemes incorporate few of these properties and hence lack in robustness to adapt with varying demands of cloud systems. In modern ABE designs, the notions of forward and backward secrecy have been introduced to accommodate the delegation of a large number of heterogeneous users in the system. In general, these features are realized under the concept of user revocation. On the other hand, to control malicious users in the system, it is necessary to implement traceability in integration with user revocation. Finally, for resource-constrained users, outsourcing decryption to proxy servers is a viable option. Thus, we propose PMTER-ABE, a practical decentralized multi-authority traceable and efficiently revocable attribute-based cryptosystem with outsourcing decryption advantage. The key features of our cryptosystem are (i) incorporating large attribute universe with highly expressive policies, (ii) integrating forward and backward secrecy under user revocation, (iii) implementing white-box traceability to detect malicious users, and (iv) outsourcing decryption to reduce the computational overhead of decryption on users. We present the formal proofs for correctness, security, and traceability of PMTER-ABE along with performance analysis. The efficiency and usability of PMTER-ABE is shown with practical implementation and experimental results.

A Traceable and Revocable Multiauthority Attribute-Based Encryption Scheme with Fast Access

Multiauthority ciphertext-policy attribute-based encryption (MA-CP-ABE) is a promising technique for secure data sharing in cloud storage. As multiple users with same attributes have same decryption privilege in MA-CP-ABE, the identity of the decryption key owner cannot be accurately traced by the exposed decryption key. This will lead to the key abuse problem, for example, the malicious users may sell their decryption keys to others. In this paper, we first present a traceable MA-CP-ABE scheme supporting fast access and malicious users’ accountability. Then, we prove that the proposed scheme is adaptively secure under the symmetric external Diffie–Hellman assumption and fully traceable under the q -Strong Diffie–Hellman assumption. Finally, we design a traceable and revocable MA-CP-ABE system for secure and efficient cloud storage from the proposed scheme. When a malicious user leaks his decryption key, our proposed system can not only confirm his identity but also revoke his decryption privilege. Extensive efficiency analysis results indicate that our system requires only constant number of pairing operations for ciphertext data access.

ICN Naming Scheme with Attribute-Based Access Control

ICN (Information Centric Networking) could be a replacement network design that ambitions to beat the vulnerability of present IP based networking design. ICN depends on information, i.e. data, which is exchanged over the network, rather than creating a link between the interacting hosts. ICN content clone may be stored at various locations. Here they have to build security and privacy for the entire system. Here 4 important roles are concentrated. The first role is the Data Owner. Here, the data owner should be properly authenticated for the upload of the file. The Second role is Attribute Authority. Here the Attribute Authority will receive both Data owner and Data Consumer request. Data Owner is used to OTP Authentication. That OTP is passed through the Email. Using that OTP to access our ICN server. OTP is used for full secure access to upload our file in ICN server. OTP is a one-time password to access our ICN server. It will be very secure to access our file in the ICN server. The Third role is Data Consumer. Data Consumers will enter the request for attribute key will send to attribute authority. Using the attribute key, the consumer has the privilege to send a request for file key. The final role is ICN server. It is used for storage purpose. This maintains a File Upload and Download history which is encrypted data from data owners and the data consumer. They create a multi-authority CP-ABE structure which features: 1) A scheme may not require a completely authorized central authority, and all attribute authorities may give secret keys to users on an individual basis; 2) Every attribute authority may automatically exclude any user by its jurisdiction so those withdrawn users will not access to the outsourced information afterwards.; 3) ICN servers may upgrade encrypted data from the actual timeline onto the next in this manner which revoked users are unable to access previously relevant information, and 4) updates of secret keys and encrypted content are carried out from a public manner. The benefits of our design are demonstrated by contrasting it with related works and by applying it too far to show its practicality. In addition, the suggested method is shown to be safe in the random oracle method.

A Blockchain-based access control scheme with multiple attribute authorities for secure cloud data sharing

Abstract Ciphertext-policy attribute-based encryption(CP-ABE) has been widely studied and used in access control schemes for secure data sharing. Since in most of the existing attribute-based encryption methods, all user attributes are managed by a single central authority, it is easy to cause a single point of failure. Therefore, several multi-authority CP-ABE schemes are proposed to manage user attributes by multiple authorities. However, these schemes still do not eliminate the single point of failure in essence or suffer from high computation and communication overhead on data users. In this paper, we propose a Blockchain-based Multi-authority Access Control scheme called BMAC for sharing data securely. Shamir secret sharing scheme and permissioned blockchain (Hyperledger Fabric) are introduced to implement that each attribute is jointly managed by multiple authorities to avoid single point of failure. In addition, we take advantage of blockchain technology to establish trust among multiple authorities and exploit smart contracts to compute tokens for attributes managed across multiple management domains, which reduces communication and computation overhead on the data user side. Moreover, blockchain helps to record the access control process in a secure and auditable way. Finally, we analyze the security of the proposed algorithm. Further analysis and comparison show the performance of the proposed method.

Research on multi-authority CP-ABE access control model in multicloud

In order to solve the problems of data sharing security and policy conflict in multicloud storage systems (MCSS), this work designs an attribute mapping mechanism that extends ciphertext policy attribute-based encryption (CP-ABE), and proposes a multi-authority CP-ABE access control model that satisfies the need for multicloud storage access control. The mapping mechanism mainly involves the tree structure of CP-ABE and provides support for the types of attribute values. The framework and workflow of the model are described in detail. The effectiveness of the model is verified by building a simple prototype system, and the performance of the prototype system is analyzed. The results suggest that the proposed model is of theoretical and practical significance for access control research in MCSS. The CP-ABE has better performance in terms of computation time overhead than other models.

Multi authority access control mechanism for secure cloud storage

Cloud stockpiling encourages the two people and ventures to cost adequately share their information over the Internet. In any case, this furthermore carries irksome challenges to the passageway control of shared data since relatively few cloud servers can be totally trusted. Right now, present check and monetarily wise property-based data find a good pace conveyed capacity structures. Specifically, we manufacture a multiauthority CP-ABE plot that features: 1) the system needn't waste time with a totally trusted in central force, and all property pros self-ruling issue puzzle keys for customers; 2) every trademark authority can continuously oust any customer from its space with the ultimate objective that those revoked customers can't find a good pace way redistributed data; 3) cloud servers can invigorate the mixed data from the present timespan to the accompanying one to such a degree, that the denied customers can't find a good pace available data; and 4) the update of secret keys and ciphertext is acted in an open manner.

Privacy Protection Scheme Based on CP-ABE in Crowdsourcing-IoT for Smart Ocean

Crowdsourcing is a novel distributed problem-solving mechanism that can provide the collection and share of marine data in the Internet of Things for the smart ocean. Nevertheless, the privacy leakage issue caused by multirole information interaction in crowdsourcing brings a serious challenge to the smart ocean. In this article, we propose a crowdsourcing privacy protection scheme based on multiauthority ciphertext-policy attribute-based encryption to enhance privacy protection in the data sharing environment. In this scheme, we design an independent key component distribution approach through multiple authorities, which could effectively disperse the security responsibility from the crowdsourcing platform. Then, we present the idea of partial decryption on the platform to reduce the computing cost of mobile users and prevent the platform from snooping on users’ data. Moreover, we put forward an efficient attribute revocation mechanism and a task search function in the scheme to achieve dynamic on-demand services while ensuring the forward and backward security of tasks. Theoretical analysis proves the correctness of both decryption and keywords matching, and the security of each involved entity. The simulation results show that our proposed scheme achieves a significant improvement in reducing time consumption compared with several related schemes.

Practical traceable multi-authority CP-ABE with outsourcing decryption and access policy updation

Multi-authority ciphertext policy attribute-based encryption (CP-ABE) is one of the promising approaches where multiple authorities issue and manage various attributes to achieve fine-grained access control on stored data in cloud platforms. However, the practical use of multi-authority CP-ABE (MCP-ABE) requires satisfaction of different features. Firstly, in MCP-ABE, users having the same set of attributes must share the same decryption privileges. This may potentially lead to exposure of decryption keys by some malicious users. Thus, there is a need of designing MCP-ABE with traceability to overcome this problem. Secondly, as the cost of decryption increases with the complexity of access policy, it is preferred to provide the functionality of outsourcing decryption to reduce the computational burden on the user. Finally, the data owners must have flexibility to change the access policy. Hence, policy updation must be an integral part of MCP-ABE scheme. In this paper, we construct a new multi-authority CP-ABE scheme over large attribute universe with decentralization of authorities that supports white-box traceability along with policy updation and outsourcing decryption. Our proposed cryptosystem is built on prime order groups and supports monotonic access structures. These features improve efficiency and expressiveness of our system. We implemented our proposed cryptosystem in Charm cryptographic framework and analyzed its performance with a diverse set of test cases.

Black‐Box and Public Traceability in Multi‐authority Attribute Based Encryption

Ciphertext-policy Attribute-based encryption (CP-ABE) is a promising tool for implementing finegrained cryptographic access control. While the uniqueness of generating private keys brings extra security issues. The key escrow is inherent in CP-ABE systems because the trusted authority has the power to decrypt every ciphertext. The private keys are only associated with the attributes nor the user's identity. Some malicious users might be tempted to leak their decryption privileges for financial gain without the risk of being caught as the decryption privilege could be shared by multiple users who own the same set of attributes. We propose a new multiauthority CP-ABE with blackbox and public traceability, where the private keys are assigned by the cooperation between one central authority and multi-authorities. The performance and security analyses indicate that the proposed scheme is highly efficient and provably secure under the security model.

HHDSSC: harnessing healthcare data security in cloud using ciphertext policy attribute-based encryption

The advancement of cloud computing has great impact on the medical sector. Due to its storage facility, e-healthcare has emerged as a promising healthcare solution for providing fast and immediate treatment to patients. The PHRs collected and outsourced in the cloud leads to security concern. The data outsourced in the cloud is no more under the direct control of the patient, hence data should be encrypted prior its storage. Existing works based on group signature require high amount of computation. Other issues like confidentiality of private data, efficient key distribution, scalable and flexible fine-grained data access, revocation and tracing the malicious user is yet to be addressed to maintain the integrity of the patients. In this manuscript, we propose EPOC-1-based multi authority CP-ABE which can trace and revoke the malicious user who leaks the real identity and confidential data of the patient without any storage overhead. This methodology of white-box traceability presented in this manuscript, traces the malicious user efficiently. The proposed scheme is validated with some existing policies and makes the healthcare domain more securable under the cloud setup.

HHDSSC: harnessing healthcare data security in cloud using ciphertext policy attribute-based encryption

The advancement of cloud computing has great impact on the medical sector. Due to its storage facility, e-healthcare has emerged as a promising healthcare solution for providing fast and immediate treatment to patients. The PHRs collected and outsourced in the cloud leads to security concern. The data outsourced in the cloud is no more under the direct control of the patient, hence data should be encrypted prior its storage. Existing works based on group signature require high amount of computation. Other issues like confidentiality of private data, efficient key distribution, scalable and flexible fine-grained data access, revocation and tracing the malicious user is yet to be addressed to maintain the integrity of the patients. In this manuscript, we propose EPOC-1-based multi authority CP-ABE which can trace and revoke the malicious user who leaks the real identity and confidential data of the patient without any storage overhead. This methodology of white-box traceability presented in this manuscript, traces the malicious user efficiently. The proposed scheme is validated with some existing policies and makes the healthcare domain more securable under the cloud setup.

Attribute Ibase Cloudidata Iintegrity I Check Out Ifor Isecure I Outsourced Istorage

Property based Encryption (ABE) is viewed as a promising cryptographic leading instrument to ensure information proprietors’ immediate authority over their information in open distributed storage. The prior ABE plans include just a single position to keep up the entire trait set, which can bring a solitary point bottleneck on both security and execution. Accordingly, some multi-authority plans are proposed, in which different specialists independently keep up disjoint trait subsets. Be that as it may, the single-point bottleneck issue stays unsolved. In this paper, from another viewpoint, we direct an edge multi-authority CP-ABE access control conspire for open distributed storage, named SMAAC, in which various specialists together deal with a uniform quality set. In SMAAC, exploiting (t; in) edge mystery sharing, the ace key can be shared among various specialists, and a legitimate client can create his/her mystery key by associating with any it specialists. Security and execution investigation results show that SMAAC isn’t just obvious secure when not as much as it specialists are undermined, yet in addition strong when no not as much as it specialists are alive in the framework. Besides, by productively consolidating the customary multi-authority conspire with SMAAC, we build a half and half one, which fulfills the situation of properties originating from various specialists just as accomplishing security and framework level strength

A decentralized multi-authority ciphertext-policy attribute-based encryption with mediated obfuscation

To ensure security and obtain fine-grained data access control policies in many management domains, multi-authority attribute-based encryption (MA-ABE) schemes were presented and have been applied in cloud storage system. There exist certain scenes where the application domains managed by different attribute authorities ($$ AAs $$) often change, and hence domain managements require more autonomous and independent. However, most of existing schemes do not support flexible managements. In order to support dynamic managements, we propose a new decentralized ciphertext-policy MA-ABE scheme with mediated obfuscation (MA-DCP-ABE-WMO) where each of $$ AAs $$ works independently without any interaction with other $$ AAs $$. When issuing a secret key to a user, each of $$ AAs $$ uses his secret to compute a share of the system master secret. Data are encrypted under the public keys of attribute management domains. To resist collusion attack, a common pseudorandom function $$ PRF( \cdot ) $$ is shared among $$ AAs $$ and is used to randomize each user’s global identifier $$ Gid $$. The randomized $$ Gid $$ is adopted to unify all target messages which need to be reconstructed from different management domains. We first introduce the mediated obfuscation (MO) model into MA-ABE scheme to provide online service and the interaction works among data owner, data user and the mediator. In the MO model, we define a special functional encryption scheme where the function program can be coded into an element of the multiplicative cyclic group. We obfuscate the function by randomly selecting a blinding factor to conduct exponent arithmetic with the base of the function. A special input of the function is constructed to cancel the blinding factor when calling the obfuscated function. It makes other participants know nothing about the inner function program but can evaluate the function program. Furthermore, the MA-DCP-ABE-WMO scheme is proved to be secure. Compared with related schemes, our scheme is suitable to dynamic domain managements. When the management domains are added or removed, the workload to update original ciphertexts and private keys is dramatically reduced.

Decentralized, Revocable and Verifiable Attribute-Based Encryption in Hybrid Cloud System

Cloud can provide storage space and services for data owners to host their data, where data privacy and confidentiality become critical issues. Ciphertext policy attribute-based encryption (CP-ABE) is one of the most suitable methods to protect data privacy and provide structured access control. In this paper, we propose a multi-authority CP-ABE scheme with a direct attribute revocation mechanism, cause revocation is an inevitable problem in the application process. Under our proposed revocation mechanism, the remaining users need not to update their secret keys when revocation happens. It relies on the matching of public keys’ version and ciphertext’ version. In a cloud storage model, the update of ciphertext is executed by public cloud, which cannot be fully trusted by data owners. In this case, we propose a hybrid CP-ABE cloud storage model aiming at solving the public cloud trust management problem. The data owners can authorize private cloud to verify whether their ciphertexts have been updated to the newest version. In addition, we prove our construction secure in selective-CPA model. Finally, we compare our scheme with similar multi-authority CP-ABE schemes from functionality, communication overhead and computation cost. The simulation results show that our scheme is more efficient than similar works in encryption, decryption and revocation stages.

Security and Efficiency Enhanced Revocable Access Control for Fog-Based Smart Grid System

With the popularity of smart grids, plentiful of smart devices have been put into use, such as smart meters and power assets. Due to limited computation capabilities and storage spaces of these devices, the collected data need to be “outsourced” towards the data server for processing and storage. The data owners, therefore, lose direct control over these “outsourced” data, leading to significant security issues of the users’ data. In this paper, aiming at solving this problem, we propose a multi-authority Ciphertext Policy Attribute-based Encryption (CP-ABE) scheme with revocation for the fog-based smart grid system. Specifically, in order to achieve attribute revocation without requiring users to be always online, we use the DH (Diffie-Hellman) tree to distribute the group key statelessly, which also solves the problem of collusion attack initiated by revoked user and valid user. To improve security of our proposed scheme, we remove the trusted key authority (KA) by using a secure two-party computation (2PC) protocol between the KA and the cloud service provider to generate user private key. To improve efficiency of our proposed scheme, we combine user and attribute revocation, and outsource complex calculations to fog nodes. Furthermore, our proposed scheme uses attribute group key and leaf private key together to protect user proxy key, which reduces the storage overhead of the system and improves the security. Both security analysis and experimental results demonstrate that our proposed scheme can balance the security objectives with the efficiency.