Revocable Ciphertext-policy Attribute-based Encryption Research Articles

Performance analysis of the proxy-based and collusion-resistant revocable CPABE framework

Performance analysis of the proxy-based and collusion-resistant revocable CPABE framework

TRE-DSP: A traceable and revocable CP-ABE based data sharing scheme for IoV with partially hidden policy

With the popularity of the Internet of Vehicles (IoV), a large amount of data is being generated every day. How to securely share data between the IoV operator and various value-added service providers becomes one of the critical issues. Due to its flexible and efficient fine-grained access control feature, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is suitable for data sharing in IoV. However, there are many flaws in most existing CP-ABE schemes, such as attribute privacy leakage and key misuse. This paper proposes a traceable and revocable CP-ABE-based data sharing with partially hidden policy for IoV (TRE-DSP). A partially hidden access structure is adopted to hide sensitive user attribute values, and attribute categories are sent along with the ciphertext to effectively avoid privacy exposure. In addition, key tracking and malicious user revocation are introduced with broadcast encryption to prevent key misuse. Since the main computation task is outsourced to the cloud, the burden of the user side is relatively low. Analysis of security and performance demonstrates that TRE-DSP is more secure and practical for data sharing in IoV.

A Boolean circuit-based revocable ciphertext policy attribute-based encryption scheme

A Boolean circuit-based revocable ciphertext policy attribute-based encryption scheme

Crypt Cloud: Secure and Expressive Data access by CP-ABE

Secure distributed storage, a new cloud management, is designed to give cloud clients with out-of-control data flexible access to information while maintaining the confidentiality of redistributed data. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is regarded as one of the most promising methods for confirming the administration's security. Nevertheless, the inherent "win or bust" decoding feature of CP-ABE may result in an unavoidable security breach known as the abuse of access certification (such as unscrambling rights). In this paper, we research the two major cases of access capability misuse: One is in favor of cloud client, while the other is on the semi-trusted specialist side. To direct the maltreatment, we propose the vitally mindful master and revocable CP-ABE based circulated capacity system with white-box obviousness and auditing, insinuated as CryptCloud+. We also talk about the security investigation and use of our framework in real-world situations

DSVN: A Flexible and Secure Data-Sharing Model for VANET Based on Blockchain

Vehicular Ad Hoc Network (VANET) is an important part of the modern intelligent transportation system, which can provide vehicle communication at a certain distance. More importantly, VANET can provide route planning and autonomous driving for drivers by analyzing data. However, VANET’s data privacy and security are a huge challenge when serving drivers. In this paper, we propose a VANET data-sharing model (DSVN) that combines ciphertext-based attribute encryption (CP-ABE), blockchain, and InterPlanetary File System (IPFS). DSVN uses an outsourced and revocable ciphertext policy attribute-based encryption (ORCP-ABE) scheme, which is improved based on CP-ABE. ORCP-ABE uses key encryption key (KEK) trees to manage user attribute groups and revoke user-level attributes. It eliminates redundant attributes in the access policy by attribute-weighted access trees. Moreover, DSVN has no single point of failure. We demonstrate the indistinguishability under the chosen-plaintext attack (IND-CPA) security of DSVN by a game based on the computational Diffie–Hellman (CDH) assumption. Experimental results show that DSVN can store and share data with low overhead. Additionally, it can revoke attributes of users safely.

Efficient access control with traceability and user revocation in IoT

With the universality and availability of Internet of Things (IoT), data privacy protection in IoT has become a hot issue. As a branch of attribute-based encryption (ABE), ciphertext policy attribute-based encryption (CP-ABE) is widely used in IoT to offer flexible one-to-many encryption. However, in IoT, different mobile devices share messages collected, transmission of large amounts of data brings huge burdens to mobile devices. Efficiency is a bottleneck which restricts the wide application and adoption of CP-ABE in Internet of things. Besides, the decryption key in CP-ABE is shared by multiple users with the same attribute, once the key disclosure occurs, it is non-trivial for the system to tell who maliciously leaked the key. Moreover, if the malicious mobile device is not revoked in time, more security threats will be brought to the system. These problems hinder the application of CP-ABE in IoT. Motivated by the actual need, a scheme called traceable and revocable ciphertext policy attribute-based encryption scheme with constant-size ciphertext and key is proposed in this paper. Compared with the existing schemes, our proposed scheme has the following advantages: (1) Malicious users can be traced; (2) Users exiting the system and misbehaving users are revoked in time, so that they no longer have access to the encrypted data stored in the cloud server; (3) Constant-size ciphertext and key not only improve the efficiency of transmission, but also greatly reduce the time spent on decryption operation; (4) The storage overhead for traceability is constant. Finally, the formal security proof and experiment has been conducted to demonstrate the feasibility of our scheme.

A revocable attribute-based access control system using blockchain

Attribute-based access control is an effective cryptographic mechanism that allows a data owner to perform attribute-level access control over users’ access capabilities. In the application background of blockchain, it is urgent to use attribute-based access control to solve a series of security problems. Although there exist several similar schemes, they do not consider attribute revocation. By adopting the attribute revocation technique based on binary trees, we extended Waters’ ciphertext policy attribute-based encryption (CP-ABE) scheme into a revocable CP-ABE (RCP-ABE) scheme. By combining our RCP-ABE with blockchain, we constructed a revocable attribute-based access control system. The new system supports expressive access control policies and allows the attribute authority to revoke users’ attributes or part of their attributes. The security analysis shows that the new system satisfies several ideal properties, i.e., forward security, backward security, confidentiality, and integrity.

An Integrated Privacy Preserving Attribute-Based Access Control Framework Supporting Secure Deduplication

Recent advances in information technologies have facilitated applications to generate, collect or process large amounts of sensitive personal data. Emerging cloud storage services provide a better paradigm to support the needs of such applications. Such cloud based solutions introduce additional security and privacy challenges when dealing with outsourced data including that of supporting fine-grained access control over such data stored in the cloud. In this paper, we propose an integrated, privacy-preserving user-centric attribute based access control framework to ensure the security and privacy of users' data outsourced and stored by a cloud service provider (CSP). The core component of the proposed framework is a novel privacy-preserving, revocable ciphertext policy attribute-based encryption (PR-CP-ABE) scheme. To support advanced access control features like write access on encrypted data and privacy-preserving access policy updates, we propose extended Path-ORAM access protocol that can also prevent privacy disclosure of access patterns. We also propose an integrated secure deduplication approach to improve the storage efficiency of CSPs while protecting data privacy. Finally, we evaluate the proposed framework and compare it with other existing solutions with regards to the security and performance issues.

O3-R-CP-ABE: An Efficient and Revocable Attribute-Based Encryption Scheme in the Cloud-Assisted IoMT System

With the processes of collecting, analyzing, and transmitting the data in the Internet of Things (IoT), the Internet of Medical Things (IoMT) comprises the medical equipment and applications connected to the healthcare system and offers an entity with real time, remote measurement, and analysis of healthcare data. However, the IoMT ecosystem deals with some great challenges in terms of security, such as privacy leaking, eavesdropping, unauthorized access, delayed detection of life-threatening episodes, and so forth. All these negative effects seriously impede the implementation of the IoMT ecosystem. To overcome these obstacles, this article presents an efficient, outsourced online/offline revocable ciphertext policy attribute-based encryption scheme with the aid of cloud servers and blockchains in the IoMT ecosystem. Our proposal achieves the characteristics of fine-grained access control, fast encryption, outsourced decryption, user revocation, and ciphertext verification. It is noteworthy that based on the chameleon hash function, we construct the private key of the data user with collision resistance, semantically secure, and key-exposure free to achieve revocation. To the best of our knowledge, this is the first protocol for a revocation mechanism by means of the chameleon hash function. Through formal analysis, it is proven to be secure in a selectively replayable chosen-ciphertext attack (RCCA) game. Finally, this scheme is implemented with the Java pairing-based cryptography library, and the simulation results demonstrate that it enables high efficiency and practicality, as well as strong reliability for the IoMT ecosystem.

Secure Data Sharing with Efficient Key Update for Industrial Cloud-based Access Control

Sharing data in industrial cloud requires both secure and flexibility management of data shared among users in the industry. Users should have ability to access authorized portion of data from smart edge devices with integrated secure protocol for interacting with cloud storage. Among cryptographic-based access control solutions, ciphertext-policy attribute-based encryption (CP-ABE) is recognized as a suitable solution for supporting secure and fine-grained data access control for outsourced data. However, the attribute revocation is a major drawback of CP-ABE since it introduces subsequent costs such as ciphertext re-encryption, user key re-generation, and key re-distribution. Existing revocable CP-ABE based access control models have focused on minimizing the cost of communication and computation cost for ciphertext re-encryption. Unfortunately, the key update issue is subject to re-key generation as traditional CP-ABE does. In essence, key update becomes crucial when there are a high number of users accessing shared data in the cloud. In this paper, we propose a lightweight access control model featured with the efficient key updating scheme. Finally, the performance evaluation is conducted to demonstrate the efficiency of our proposed scheme.

A New User Revocable Ciphertext-Policy Attribute-Based Encryption with Ciphertext Update

The revocable ciphertext-policy attribute-based encryption (R-CP-ABE) is an extension of ciphertext-policy attribute-based encryption (CP-ABE), which can realize user direct revocation and maintain a short revocation list. However, the revoked users can still decrypt the previously authorized encrypted data with their old key. The R-CP-ABE scheme should provide a mechanism to protect the encrypted data confidentiality by disqualifying the revoked users from accessing the previously encrypted data. Motivated by practical needs, we propose a new user R-CP-ABE scheme that simultaneously supports user direct revocation, short revocation list, and ciphertext update by incorporating the identity-based and time-based revocable technique. The scheme provides a strongly selective security proof under the modified decisional q -parallel bilinear Diffie–Hellman Exponent problem, where “strongly” means that the adversary can query the secret key of a user whose attribute set satisfies the challenge ciphertext access structure and whose identity is in the revocation list.

AKC-Based Revocable ABE Schemes from LWE Assumption

The emergence of quantum computing threatens many classical cryptographic schemes, leading to the innovations in public-key cryptography for postquantum cryptography primitives and protocols that resist to quantum attacks. Lattice-based cryptography is considered to be one of the promising mathematical approaches to achieving security resistant to quantum attacks, which could be built on the learning with errors (LWE) problem and its variants. The fundamental building blocks of protocols for public-key encryption (PKE) and key encapsulation mechanism (KEM) submitted to the National Institute of Standards and Technology (NIST) based on LWE and its variants are called key consensus (KC) and asymmetric key consensus (AKC) by Jin et al. They are powerful tools for constructing PKE schemes. In this work, we further demonstrate the power of KC/AKC by proposing two special types of PKE schemes, namely, revocable attribute-based encryption (RABE). To be specific, on the basis of AKC and PKE/KEM protocols submitted to the NIST based on LWE and its variants, combined with full-rank difference, trapdoor on lattices, sampling algorithms, leftover hash lemma, and binary tree structure, we propose two directly revocable ciphertext-policy attribute-based encryption (DR-ABE) schemes from LWE, which support flexible threshold access policies on multivalued attributes, achieving user-level and attribute-level user revocation, respectively. Specifically, the construction of the ciphertext is derived from AKC, and the revocation list is defined and embedded into the ciphertext by the message sender to revoke a user in the user-level revocable scheme or revoke some attributes of a certain user in the attribute-level revocable scheme. We also discuss how to outsource decryption and reduce the workload for the end user. Our schemes proved to be secure in the standard model, assuming the hardness of the LWE problem. The two schemes imply the versatility of KC/AKC.

Revocable ciphertext-policy attribute-based encryption in data outsourcing systems from lattices

Attribute-based encryption mechanism is widely used in outsourcing systems because of its characteristics of 'one-to-many' communication. However, users' attributes often change dynamically. In order to solve the problem of attribute revocation in the attribute-based encryption scheme in the outsourcing systems, a revocable ciphertext policy attribute-based encryption in data outsourcing systems from lattices is proposed. The scheme uses the LWE problem to construct the encryption and decryption algorithm, which can resist the quantum attack. Tree-access structure is adopted to realise flexible fine-grained access strategy. In addition, with the help of the data outsourcing management server, the attribute key and ciphertext are updated to achieve immediate attribute revocation. The scheme is proved to be secure under the selective attribute and selective plaintext attacks. The comparative analysis shows that the scheme has a significant improvement in performance, and it supports immediate attribute revocation, which is more suitable for the dynamic change of users in the outsourcing systems, such as social network platforms.

Revocable ciphertext-policy attribute-based encryption in data outsourcing systems from lattices

Attribute-based encryption mechanism is widely used in outsourcing systems because of its characteristics of 'one-to-many' communication. However, users' attributes often change dynamically. In order to solve the problem of attribute revocation in the attribute-based encryption scheme in the outsourcing systems, a revocable ciphertext policy attribute-based encryption in data outsourcing systems from lattices is proposed. The scheme uses the LWE problem to construct the encryption and decryption algorithm, which can resist the quantum attack. Tree-access structure is adopted to realise flexible fine-grained access strategy. In addition, with the help of the data outsourcing management server, the attribute key and ciphertext are updated to achieve immediate attribute revocation. The scheme is proved to be secure under the selective attribute and selective plaintext attacks. The comparative analysis shows that the scheme has a significant improvement in performance, and it supports immediate attribute revocation, which is more suitable for the dynamic change of users in the outsourcing systems, such as social network platforms.

Revocable ciphertext-policy attribute-based encryption in data outsourcing systems from lattices

Revocable ciphertext-policy attribute-based encryption in data outsourcing systems from lattices

Assured Way to Manage Various Controls in Cloud

Secure cloud garage, which is a rising cloud carrier, is designed to guard the confidentiality of outsourced statistics however also to offer bendy statistics get entry to for cloud customers whose information is out of bodily control. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is seemed as one of the maximum promising strategies that may be leveraged to cozy the guarantee of the provider. However, the use of CP-ABE may additionally yield an inevitable security breach that's referred to as the misuse of access credential (i.e. Decryption rights), because of the intrinsic “all-or-nothing” decryption feature of CP-ABE. In this paper, we check out the 2 most important instances of get right of entry to credential misuse: one is on the semi-trusted authority facet, and the opposite is at the aspect of cloud consumer. To mitigate the misuse, we recommend the first responsible authority and revocable CP-ABE based cloud garage system with white-field traceability and auditing, referred to as CryptCloud+. We also gift the safety evaluation and further exhibit the utility of our system thru experiments.

Efficient revocable CP-ABE for big data access control in cloud computing

Due to huge volume of big data, cloud is a better choice to store big data. Since the cloud is not trustworthy, privacy and access control is a big concern. Ciphertext policy attribute-based encryption (CP-ABE) is a promising technique to enable both privacy and access control in the cloud. However, directly applying CP-ABE scheme for big data in the cloud is a challenging task because of revocation. Existing CP-ABE with revocation schemes are lacking in efficiency. In this paper, we propose an efficient revocable CP-ABE (R-CP-ABE) scheme for big data access control in cloud using proxy-based updates in which the proxy server performs the ciphertext and secret key updates instead of data owner and data user respectively during revocation. This outsourced updates during revocation reduces the communication and computation overhead of data owner and data users. In security analysis, we prove that our R-CP-ABE scheme is secure against chosen plain-text and user collusion attacks. In addition, we also show that our scheme achieves forward and backward secrecy. The performance analysis demonstrates that our method is efficient when comparing with existing schemes.

CryptCloud+: Secure and Expressive Data Access Control for Cloud Storage

Secure cloud storage, which is an emerging cloud service, is designed to protect the confidentiality of outsourced data but also to provide flexible data access for cloud users whose data is out of physical control. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is regarded as one of the most promising techniques that may be leveraged to secure the guarantee of the service. However, the use of CP-ABE may yield an inevitable security breach which is known as the misuse of access credential (i.e., decryption rights), due to the intrinsic “all-or-nothing” decryption feature of CP-ABE. In this paper, we investigate the two main cases of access credential misuse: one is on the semi-trusted authority side, and the other is on the side of cloud user. To mitigate the misuse, we propose the first accountable authority and revocable CP-ABE based cloud storage system with white-box traceability and auditing, referred to as CryptCloud±. We also present the security analysis and further demonstrate the utility of our system via experiments.

New directly revocable attribute-based encryption scheme and its application in cloud storage environment

Attribute-based encryption (ABE) is a special type of cryptosystem, which provide encryption and decryption functions based on users attributes. Due to the functionality and flexibility of ABE, it is considered to be suitable for providing data security and privacy preserving security in the cloud storage environment. However, lack of user revocation mechanism is considered to be a disadvantage of traditional ABE. In this paper, we study the direct revocation mechanism of ciphertext-policy ABE (CP-ABE), construct a new directly revocable CP-ABE in the composite order group, and prove it to achieve adaptive security using dual system encryption in the standard model. On this basis, we introduce user revocation centre (URC) in this system, and outsource the revocation tasks to URC. Users need not to master the latest revocation list for encrypting, and need not to pay any additional computing for revocation. In addition, when revocation list changes, URC can update the ciphertexts for users. Finally, we introduce how to deploy our schemes in cloud storage environment.