Attribute-based fuzzy identity access control in multicloud computing environments

  • Methodologies and Application
Soft Computing

Abstract

Firstly, we propose a multiauthority ciphertext-policy attribute-based encryption scheme. It achieves fine-grained access control based upon fuzzy identity over encrypted data without any trusted center or extra interaction among multiple authorities. Moreover, it satisfies the collusion resistance requirement as long as at least one of the attribute authorities is honest. The security proof demonstrates that the proposed scheme is secure against chosen plaintext attacks in the random oracle model under the decisional multilinear Diffie–Hellman assumption. Secondly, we construct an attribute-based access control system for a proxy-based multicloud environment to achieve distributed access control without any trusted center, manager, or additional secret keys. In our construction, the original secret keys are split into a control key, a decryption key and a set of transformation keys. The mobile device performs only a lightweight decryption with a single decryption key. The overwhelming majority of decryption operations are outsourced to the cloud via transformation keys. In addition, attribute revocation can be realized by updating transformation keys using the control key, while the ciphertexts and the user's decryption key remain unchanged. Furthermore, proxies help promote collaboration among multiple clouds in the file access control system. Finally, the performance analysis shows that our construction is flexible and practical for mobile users in a proxy-based multicloud environment.


Acknowledgements

This work is supported by NSFC (Grant Nos. 61602045, 61502044, 61572379, 61501333), the Natural Science Foundation of Hubei Province of China (No. 2015CFB257).

Author information

Corresponding author

Correspondence to Debiao He.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Human and animal rights

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Communicated by V. Loia.

About this article

Cite this article

Li, W., Wen, Q., Li, X. et al. Attribute-based fuzzy identity access control in multicloud computing environments. Soft Comput 22, 4071–4082 (2018). https://doi.org/10.1007/s00500-017-2616-5

  • DOI: https://doi.org/10.1007/s00500-017-2616-5
