Abstract
In recent years, attribute-based encryption (ABE) provides a new idea to help researchers solving the problem of data privacy protection in cloud. But there are two issues in traditional ABE, the first issue is that the attributes in the access structures will be sent to users in cleartext together with the ciphertext. So a attacker has the opportunity to obtain some of the private information from the plaintext access structure. And the other issue is the traditional ABE scheme cannot revoke the users' illegal keys in an efficient way. To handle both of the above challenges, we come up with a large universe ciphertext-policy ABE (CP-ABE) scheme which supports partially hidden access structures (PHAS) and highly efficient key revocation at the same time in this paper. What's more, unlike most previous schemes, first our access structure is based on the expressive linear secret sharing scheme (LSSS) which supports both AND and OR gates in access formulas and second our scheme is built from the prime-order bilinear pairing groups. The comparison with other relevant works presents that our scheme is more comprehensive and efficient. Finally we rigorously prove and analyze that our scheme is selectively indistinguishable secure under chosen plaintext attacks (IND-CPA) in the random oracle model (ROM) and our access structure is really anonymous against off-line dictionary attacks.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Armbrust M, Fox A, Griffith R, Joseph AD, Katz RH, Konwinski A, Lee G, Patterson DA, Rabkin A, Stoica I et al (2010) A view of cloud computing. Commun ACM 53(4):50–58
Attrapadung N, Imai H (2009) Conjunctive broadcast and attribute-based encryption. In: International conference on pairing-based cryptography, Springer, pp 248–265
Attrapadung N, Libert B, De Panafieu E (2011) Expressive key-policy attribute-based encryption with constant-size ciphertexts. In: International workshop on public key cryptography, Springer, pp 90–108
Beimel A (1996) Secure schemes for secret sharing and key distribution. In: Technion-Israel Institute of technology, Faculty of Computer Science
Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on security and privacy (SP’07), IEEE, pp 321–334
Boneh D, Waters B (2007) Conjunctive, subset, and range queries on encrypted data. In: Theory of cryptography conference, Springer, pp 535–554
Cui H, Deng RH, Wu G, Lai J (2016) An efficient and expressive ciphertext-policy attribute-based encryption scheme with partially hidden access structures. In: International conference on provable security, Springer, pp 19–38
Deng H, Qin Z, Wu Q, Guan Z, Zhou Y (2020) Flexible attribute-based proxy re-encryption for efficient data sharing. Inf Sci 511:94–113
Freeman DM (2010) Converting pairing-based cryptosystems from composite-order groups to prime-order groups. In: Annual international conference on the theory and applications of cryptographic techniques, Springer, pp 44–61
Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on computer and communications security, ACM, pp 89–98
Hao J, Huang C, Ni J, Rong H, Xian M, Shen XS (2019) Fine-grained data access control with attribute-hiding policy for cloud-based IoT. Comput Netw 153:1–10
Hur J, Noh DK (2010) Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans Parallel Distrib Syst 22(7):1214–1221
Ibraimi L, Petkovic M, Nikova S, Hartel P, Jonker W (2009) Mediated ciphertext-policy attribute-based encryption and its application. In: International workshop on information security applications, Springer, pp 309–323
Iovino V, Persiano G (2008) Hidden-vector encryption with groups of prime order. In: International conference on pairing-based cryptography, Springer, pp 75–88
Kansal S, Mittal M (2014) Performance evaluation of various symmetric encryption algorithms. In: 2014 International conference on parallel, distributed and grid computing, IEEE, pp 105–109
Katz J, Sahai A, Waters B (2008) Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Annual international conference on the theory and applications of cryptographic techniques, Springer, pp 146–162
Khan F, Li H, Zhang L, Shen J (2017) An expressive hidden access policy CP-ABE. In: 2017 IEEE second international conference on data science in cyberspace (DSC), IEEE, pp 178–186
Lai J, Deng RH, Li Y (2012) Expressive CP-ABE with partially hidden access structures. In: 7th ACM symposium on information, Computer and communications security, ASIACCS 2012, pp 18–19
Lewko A, Waters B (2011) Decentralizing attribute-based encryption. In: Annual international conference on the theory and applications of cryptographic techniques, Springer, pp 568–588
Lewko A, Okamoto T, Sahai A, Takashima K, Waters B (2010) Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Annual international conference on the theory and applications of cryptographic techniques, Springer, pp 62–91
Li J, Ren K, Zhu B, Wan Z (2009) Privacy-aware attribute-based encryption with user accountability. In: International conference on information security, Springer, pp 347–362
Li J, Wang H, Zhang Y, Shen J (2016) Ciphertext-policy attribute-based encryption with hidden access policy and testing. KSII Trans Internet Inf Syst 10(7)
Liang K, Fang L, Susilo W, Wong DS (2013) A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security. In: 2013 5th International conference on intelligent networking and collaborative systems, IEEE, pp 552–559
Liang K, Au MH, Liu JK, Susilo W, Wong DS, Yang G, Yu Y, Yang A (2015) A secure and efficient ciphertext-policy attribute-based proxy re-encryption for cloud data sharing. Future Gener Comput Syst 52:95–108
Liu Q, Wang G, Wu J (2014) Time-based proxy re-encryption scheme for secure data sharing in a cloud environment. Inf Sci 258:355–370
Lubicz D, Sirvent T (2008) Attribute-based broadcast encryption scheme made efficient. In: International conference on cryptology in Africa, Springer, pp 325–342
Lynn B et al (2006) The pairing-based cryptography library. Internet: https://crypto.stanford.edu/pbc/. Accessed 27 Mar 2013
Mei Q, Xiong H, Chen J, Yang M, Kumari S, Khan MK (2020) Efficient certificateless aggregate signature with conditional privacy preservation in IoV. IEEE Syst J. https://doi.org/10.1109/JSYST.2020.2966526
Naor D, Naor M, Lotspiech J (2001) Revocation and tracing schemes for stateless receivers. In: Annual international cryptology conference, Springer, pp 41–62
Nishide T, Yoneyama K, Ohta K (2008) Attribute-based encryption with partially hidden encryptor-specified access structures. In: International conference on applied cryptography and network security, Springer, pp 111–129
Qin Z, Xiong H, Wu S, Batamuliza J (2016) A survey of proxy re-encryption for secure data sharing in cloud computing. IEEE Trans Serv Comput
Ramu G (2018) A secure cloud framework to share EHRS using modified CP-ABE and the attribute bloom filter. Educ Inf Technol 23(5):2213–2233
Rouselakis Y, Waters B (2012) New constructions and proof methods for large universe attribute-based encryption. IACR Cryptol EPrint Arch 2012:583
Sahai A, Waters B (2005) Fuzzy identity-based encryption. In: Annual international conference on the theory and applications of cryptographic techniques, Springer, pp 457–473
Vouk MA (2008) Cloud computing-issues, research and implementations. J Comput Inf Technol 16(4):235–246
Wang G, Liu Q, Wu J, Guo M (2011) Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers. Comput Secur 30(5):320–331
Wang H, Zheng Z, Wu L, Li P (2017) New directly revocable attribute-based encryption scheme and its application in cloud storage environment. Cluster Comput 20(3):2385–2392
Waters B (2011) Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: International workshop on public key cryptography, Springer, pp 53–70
Wu A, Zheng D, Zhang Y, Yang M (2018) Hidden policy attribute-based data sharing with direct revocation and keyword search in cloud computing. Sensors 18(7):2158
Wu A, Zhang Y, Zheng X, Guo R, Zhao Q, Zheng D (2019) Efficient and privacy-preserving traceable attribute-based encryption in blockchain. Ann Telecommun 74(7–8):401–411
Wu TY, Yang L, Lee Z, Chen CM, Pan JS, Islam S (2021) Improved ECC-based three-factor multiserver authentication scheme. Secur Commun Netw 2021:6627956. https://doi.org/10.1155/2021/6627956
Xiong H, Bao Y, Nie X, Asoor YI (2019a) Server-aided attribute-based signature supporting expressive access structures for industrial internet of things. IEEE Trans Ind Inf 16(2):1013–1023
Xiong H, Zhao Y, Peng L, Zhang H, Yeh KH (2019b) Partially policy-hidden attribute-based broadcast encryption with secure delegation in edge computing. Future Gener Comput Syst 97:453–461
Xiong H, Kang Z, Chen J, Tao J, Yuan C, Kumari S (2020a) A novel multiserver authentication scheme using proxy resignature with scalability and strong user anonymity. IEEE Syst J. https://doi.org/10.1109/JSYST.2020.2983198
Xiong H, Wu Y, Jin C, Kumari S (2020b) Efficient and privacy-preserving authentication protocol for heterogeneous systems in IIoT. IEEE Internet Things J 7(12):11713–11724. https://doi.org/10.1109/JIOT.2020.2999510
Xiong H, Zhao Y, Hou Y, Huang X, Jin C, Wang L, Kumari S (2020c) Heterogeneous signcryption with equality test for iiot environment. IEEE Internet Things J. https://doi.org/10.1109/JIOT.2020.3008955
Xu S, Yang G, Mu Y, Liu X (2019) A secure IoT cloud storage system with fine-grained access control and decryption key exposure resistance. Future Gener Comput Syst 97:284–294
Yang K, Han Q, Li H, Zheng K, Su Z, Shen X (2016) An efficient and fine-grained big data access control scheme with privacy-preserving policy. IEEE Internet Things J 4(2):563–571
Yu S, Wang C, Ren K, Lou W (2010) Attribute based data sharing with attribute revocation. In: Proceedings of the 5th ACM symposium on information, computer and communications security, ACM, pp 261–270
Zhang Y, Chen X, Li J, Wong DS, Li H (2013) Anonymous attribute-based encryption supporting efficient decryption test. In: Proceedings of the 8th ACM SIGSAC symposium on information, computer and communications security, pp 511–516
Zhang Y, Li J, Chen X, Li H (2016) Anonymous attribute-based proxy re-encryption for access control in cloud computing. Secur Commun Netw 9(14):2397–2411
Zhang Y, Zheng D, Deng RH (2018) Security and privacy in smart health: efficient policy-hiding attribute-based access control. IEEE Internet Things J 5(3):2130–2145
Zhou Z, Huang D, Wang Z (2013) Efficient privacy-preserving ciphertext-policy attribute based-encryption and broadcast encryption. IEEE Trans Comput 64(1):126–138
Acknowledgements
This work was supported in part by NSFC with no. 61520106007, the Natural Science Foundation of China under Grant U1936101 and the 13th Five-Year Plan of National Cryptography Development Fund for Cryptographic Theory of China under Grant MMJJ20170204.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Zhang, W., Zhang, Z., Xiong, H. et al. PHAS-HEKR-CP-ABE: partially policy-hidden CP-ABE with highly efficient key revocation in cloud data sharing system. J Ambient Intell Human Comput 13, 613–627 (2022). https://doi.org/10.1007/s12652-021-02922-6
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-021-02922-6