Skip to main content
SpringerLink
Log in

A decentralized multi-authority ciphertext-policy attribute-based encryption with mediated obfuscation

  • Methodologies and Application
  • Published:
Soft Computing Aims and scope Submit manuscript

Abstract

To ensure security and obtain fine-grained data access control policies in many management domains, multi-authority attribute-based encryption (MA-ABE) schemes were presented and have been applied in cloud storage system. There exist certain scenes where the application domains managed by different attribute authorities (\( AAs \)) often change, and hence domain managements require more autonomous and independent. However, most of existing schemes do not support flexible managements. In order to support dynamic managements, we propose a new decentralized ciphertext-policy MA-ABE scheme with mediated obfuscation (MA-DCP-ABE-WMO) where each of \( AAs \) works independently without any interaction with other \( AAs \). When issuing a secret key to a user, each of \( AAs \) uses his secret to compute a share of the system master secret. Data are encrypted under the public keys of attribute management domains. To resist collusion attack, a common pseudorandom function \( PRF( \cdot ) \) is shared among \( AAs \) and is used to randomize each user’s global identifier \( Gid \). The randomized \( Gid \) is adopted to unify all target messages which need to be reconstructed from different management domains. We first introduce the mediated obfuscation (MO) model into MA-ABE scheme to provide online service and the interaction works among data owner, data user and the mediator. In the MO model, we define a special functional encryption scheme where the function program can be coded into an element of the multiplicative cyclic group. We obfuscate the function by randomly selecting a blinding factor to conduct exponent arithmetic with the base of the function. A special input of the function is constructed to cancel the blinding factor when calling the obfuscated function. It makes other participants know nothing about the inner function program but can evaluate the function program. Furthermore, the MA-DCP-ABE-WMO scheme is proved to be secure. Compared with related schemes, our scheme is suitable to dynamic domain managements. When the management domains are added or removed, the workload to update original ciphertexts and private keys is dramatically reduced.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  • Barak B, Goldreich O, Impagliazzo R et al (2001) On the (im)possibility of obfuscating programs. In: Annual international cryptology conference, proceedings of the CRYPTO’01. Springer, pp 1–18

  • Barak B, Bitansky N, Canetti N, Kalai Y, Paneth O, Sahai A (2014) Obfuscation for evasive functions. In: Proceedings of the TCC’14. Springer, pp 26–51

  • Beime A (1996) Secure schemes for secret sharing and key distribution. Ph.D. dissertation, Department of Computer Science, Technion—Israel Institute of Technology, Haifa, Israel

  • Bitansky N, Canetti R, Kalai Y, Paneth O (2014) On virtual grey box obfuscation for general circuits. In: Advances in cryptology—CRYPTO’14. Springer, pp 108–125

  • Boneh D, Sahai A, Waters B (2011) Functional encryption: definitions and challenges. In: Theory of cryptography conference, proceedings of TCC 2011. Springer, pp 253–273

  • Canetti R, Kalai Y, Varia M, Wichs D (2010a) On symmetric encryption and point obfuscation. Lect Notes Comput Sci 79(4):52–71

    Article  MathSciNet  Google Scholar 

  • Canetti R, Rothblum G, Varia M (2010) Obfuscation of hyperplane membership. In: Theory of cryptography conference, proceedings of the TCC’10. Springer, pp 72–89

  • Canetti R, Lin H, Tessaro S, Vaikuntanathan V (2015) Obfuscation of probabilistic circuits and applications. In: Theory of cryptography conference, proceedings of the TCC’15. Springer, pp 468–497

  • Chase M (2007) Multi-authority attribute based encryption. In: Theory of cryptography, TCC 2007, Springer, pp 515–534

  • Chen Y, Song L, Yang G (2016) Attribute-based access control for multi-authority systems with constant size ciphertext in cloud computing. China Commun 13:146–162

    Google Scholar 

  • Ding N, Gu D (2011) A note on obfuscation for cryptographic functionalities of secret-operation then public-encryption. In: Conference on theory and applications of MODELS of computation, proceedings of the TAMC’11. Springer, pp 377–389

  • Gentry C, Lewko A, Sahai A, Waters B (2015) Indistinguishability obfuscation from the multilinear subgroup elimination assumption. In: 2015 IEEE 56th annual symposium on foundations of computer science, proceedings of the FOCS’15. IEEE Computer Society, pp 151–170

  • Goldwasser S, Rothblum G (2007) On best-possible obfuscation. In: The 4th conference on theory of cryptography, proceedings of the TCC’07. Springer, pp 194–213

  • Goldwasser S, Gordon S, Goyal V et al (2014) Multi-input functional encryption. In: 33rd Annual international conference on the theory and applications of cryptographic techniques, advances in cryptology—EUROCRYPT 2014. Springer, pp 578–602

  • Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: 13th ACM conference on computer and communications security, proceedings of CCS ‘06. ACM, pp 89–98

  • Han J, Susilo W, Mu Y, Yan J (2012) Privacy-preserving decentralized key-policy attribute-based encryption. IEEE Trans Parallel Distrib Syst 23(11):2150–2162

    Article  Google Scholar 

  • Han J, Susilo W, Mu Y (2014) PPDCP-ABE: privacy-preserving decentralized ciphertext-policy attribute-based encryption. In: European symposium on research in computer security, computer security-ESORICS 2014. Springer, pp 73–90

  • Han J, Susilo W, Mu Y, Zhou J et al (2015) Improving privacy and security in decentralized ciphertext-policy attribute-based encryption. IEEE Trans Inf Forensics Secur 10(3):665–678

    Article  Google Scholar 

  • Hofheinz D, Lee J, Stam M (2010) Obfuscation for cryptographic purposes. J Cryptol 23(1):121–168

    Article  MathSciNet  Google Scholar 

  • Hooker R (2012) Functional encryption as mediated obfuscation. Master of Science (MS) thesis, University of Montana

  • Hu S, Li J, Zhang Y (2018) Improving security and privacy-preserving in multi-authorities ciphertext-policy attribute-based encryption. KSII Trans Internet Inf Syst 12(10):5100–5119

    Google Scholar 

  • Lewko A, Waters B (2011) Decentralizing attribute-based encryption. In: Annual international conference on the theory and applications of cryptographic techniques, advances in cryptology—EUROCRYPT 2011, pp 568–588

  • Lewko A, Okamoto T, Sahai A, Takashima K, Waters B (2010) Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Annual international conference on the theory and applications of cryptographic techniques, advances in cryptology—EUROCRYPT. Springer, pp 62–91

  • Li J, Lin X, Zhang Y, Han J (2017a) KSF-OABE: outsourced attribute-based encryption with keyword search function for cloud storage. IEEE Trans Serv Comput 10:715–725

    Article  Google Scholar 

  • Li J, Wang Y, Zhang Y, Han J (2017b) Full verifiability for outsourced decryption in attribute based encryption. IEEE Trans Serv Comput 8:8–9. https://doi.org/10.1109/TSC.2017.2710190

    Article  Google Scholar 

  • Li J, Yao W, Zhang Y, Qian H, Han J (2017c) Flexible and fine-grained attribute-based data storage in cloud computing. IEEE Trans Serv Comput 10(5):785–796

    Article  Google Scholar 

  • Li J, Yan H, Zhang Y (2017d) Certificateless public integrity checking of group shared data on cloud storage. IEEE Trans Serv Comput. https://doi.org/10.1109/TSC.2018.2789893

    Article  Google Scholar 

  • Li J, Yao W, Han J, Zhang Y, Shen J (2018a) User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage. IEEE Syst J 12:1767–1777

    Article  Google Scholar 

  • Li J, Hu S, Zhang Y (2018) Two-party attribute-based key agreement protocol with constant-size ciphertext and key. Secur Commun Netw. Article ID 8738960, p 10

  • Li J, Chen L, Lu Y, Zhang Y (2018c) Anonymous certificate-based broadcast encryption with constant decryption cost. Inf Sci 454–455:110–127

    MathSciNet  Google Scholar 

  • Li J, Yu Q, Zhang Y (2019a) Key-policy attribute-based encryption against continual auxiliary input leakage. Inf Sci 470:175–188

    Article  MathSciNet  Google Scholar 

  • Li J, Yu Q, Zhang Y (2019b) Hierarchical attribute based encryption with continuous leakage-resilience. Inf Sci 484:113–134

    Article  Google Scholar 

  • Lynn B (2013) Pairing-based cryptography (PBC) Library [Online]. http://crypto.stanford.edu/pbc

  • Lynn B, Prabhakaran M, Sahai A (2004) Positive results and techniques for obfuscation. In: International conference on the theory and applications of cryptographic techniques, advances in cryptology—EUROCRYPT 2004. Springer, pp 20–39

  • Miao Y, Liu X, Choo KKR, Deng RH, Li J, Li H, Ma J (2019) Privacy-preserving attribute-based keyword search in shared multi-owner setting. IEEE Trans Dependable Secure Comput 99:1–1. https://doi.org/10.1109/TDSC.2019.2897675

    Article  Google Scholar 

  • Ning J, Dong X, Cao Z, Wei L, Lin X (2015) White-box traceable ciphertext-policy attribute-based encryption supporting flexible attributes. IEEE Trans Inf Forensics Secur 10(6):1274–1288

    Article  Google Scholar 

  • Ning J, Cao Z, Dong X, Ma H, Wei L, Liang K (2018a) Auditable σ-times outsourced attribute-based encryption for access control in cloud computing. IEEE Trans Inf Forensics Secur 13(1):94–105

    Article  Google Scholar 

  • Ning J, Cao Z, Dong X, Wei L (2018b) White-box traceable CP-ABE for cloud storage service: how to catch people leaking their access credentials effectively. IEEE Trans Dependable Secure Comput 15(5):883–897

    Article  Google Scholar 

  • Ning J, Cao Z, Dong X, Liang K, Wei L, Choo K (2018c) Cryptcloud + : secure and expressive data access control for cloud storage. IEEE Trans Serv Comput 8:8–9. https://doi.org/10.1109/tsc.2018.2791538

    Article  Google Scholar 

  • Ostrovsky R, Sahai A, Waters B (2007) Attribute-based encryption with non-monotonic access structures. In: The 14th ACM conference on computer and communications security, proceedings of CCS’07. ACM, pp 195–203

  • Qian H, Li J, Zhang Y, Han J (2015) Privacy preserving personal health record using multi-authority attribute-based encryption with revocation. Int J Inf Secur 14(6):487–497

    Article  Google Scholar 

  • Sahai A, Waters B (2005) Fuzzy identity-based encryption. In: The 24th annual international conference on theory and applications of cryptographic techniques, advances in cryptology—EUROCRYPT 2005. Springer, pp 457–473

  • Wan Z, Liu J, Deng RH (2012) HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing. IEEE Trans Inf Forensics Secur 7:743–754

    Article  Google Scholar 

  • Waters B (2011) Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: 14th International conference on practice and theory in public key cryptography, PKC 2011. Springer, pp 53–70

  • Wee H (2005) On obfuscating point functions, in: the thirty-seventh annual ACM symposium on theory of computing. In: Proceedings of the STOC’05, pp 523–532

  • Yan H, Li J, Han J (2017) A novel efficient remote data possession checking protocol in cloud storage. IEEE Trans Inf Forensics Secur 12(1):78–88

    Article  Google Scholar 

  • Yang K, Jia X (2014) Expressive efficient and revocable data access control for multi-authority cloud storage. IEEE Trans Parallel Distrib Syst 25:1735–1744

    Article  Google Scholar 

  • Yang K, Jia X, Kui R (2013) Attributed-based fine-grained access control with efficient revocation in cloud storage systems. In: The 8th ACM SIGSAC symposium on information, computer and communications security, proceedings of ASIA CCS ‘13, pp 523–528

  • Yu S, Wang C, Ren K et al (2010) Achieving secure, scalable, and fine-grained data access control in cloud computing. In: The 29th conference on information communications, proceeding of INFOCOM’10, pp 1–9

  • Zhang M, Chen B, Shen H (2015) Program obfuscator for privacy-carrying unidirectional one-hop re-encryption. In: International conference on algorithms and architectures for parallel processing, proceedings of the ICA3PP’15. Springer, pp 1–10

  • Zuo C, Shao J, Wei G, Xie M, Ji M (2018) CCA-secure ABE with outsourced decryption for fog computing. Future Gen Comput Syst 78:730–738

    Article  Google Scholar 

Download references

Funding

This study was funded by the National Natural Science Foundation of China (U1736112, 61772009, 61672207), Jiangsu Provincial Natural Science Foundation of China (BK20161511), Jiangsu Key Laboratory of Big Data Security & Intelligent Processing, NJUPT, the Key Research and Development Project of Science Department in Jiangxi Province (20171BBE50065), Anhui University of Natural Science Research Project (KJ2018A0398).

Author information

Authors and Affiliations

  1. College of Mathematics and Informatics, Fujian Normal University, Fuzhou, 350117, Fujian, China

    Jiguo Li & Yichen Zhang

  2. College of Computer and Information, Hohai University, Nanjing, 211100, Jiangsu, China

    Jiguo Li & Shengzhou Hu

  3. Fujian Provincial Key Laboratory of Network Security and Cryptology, Fujian Normal University, Fujian, China

    Jiguo Li

  4. Mathematics and Computer Science Department, Gannan Normal University, Ganzhou, 341000, Jiangxi, China

    Shengzhou Hu

  5. Jiangsu Provincial Key Laboratory of E-Business, Nanjing University of Finance and Economics, Nanjing, 210003, China

    Jinguang Han

Authors
  1. Jiguo Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shengzhou Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yichen Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jinguang Han
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jiguo Li.

Ethics declarations

Conflict of interest

All authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Communicated by V. Loia.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Li, J., Hu, S., Zhang, Y. et al. A decentralized multi-authority ciphertext-policy attribute-based encryption with mediated obfuscation. Soft Comput 24, 1869–1882 (2020). https://doi.org/10.1007/s00500-019-04018-y

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00500-019-04018-y

Keywords

Search

Navigation