Abstract
In this paper, we propose an attribute-based encryption (ABE) scheme that can be used in data sharing systems with multiple distrusted authorities. Unlike prior multi-authority ABEs, this scheme can achieve secret key generation in a fully decentralized manner, which eliminates the security risk of central authority (CA) compromise. By separating the key generation process among authorities and data owners (DOs), our scheme is resilient to collusion between malicious authorities and users. This new fully Decentralized Multi-Authority ABE (f-DMA) scheme is derived from CP-ABE that is resilient to collusion between authorities and users. Our system distinguishes between the DO principal and attribute authorities (AAs): DOs own the data but allow AAs to arbitrate access by providing attribute labels to users. The data is protected by access policy encryption over these attributes. Unlike prior systems, attributes generated by AAs are not user-specific, nor is the system susceptible to collusion between users who try to escalate their access by sharing keys. We prove our scheme correct under the Decisional Bilinear Diffie-Hellman (DBDH) assumption; we also include a complete end-to-end implementation that demonstrates the practical efficacy of our technique.
Acknowledgements
This work is supported by the National Natural Science Foundation of China under grant 61402160, the Hunan Provincial Natural Science Foundation under grant 2016JJ3043, and the Open Funding for Universities in Hunan Province under grant 14K023.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Li, X., Huang, Z. (2017). Fully Decentralized Multi-Authority ABE Scheme in Data Sharing System. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science, vol 10658. Springer, Cham. https://doi.org/10.1007/978-3-319-72395-2_66
DOI: https://doi.org/10.1007/978-3-319-72395-2_66
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72394-5
Online ISBN: 978-3-319-72395-2
eBook Packages: Computer Science, Computer Science (R0)