Abstract
To ensure security and obtain fine-grained data access control policies across many management domains, multi-authority attribute-based encryption (MA-ABE) schemes have been proposed and applied in cloud storage systems. In some scenarios the application domains managed by different attribute authorities (\( AAs \)) change often, so domain management needs to be more autonomous and independent. However, most existing schemes do not support flexible management. To support dynamic management, we propose a new decentralized ciphertext-policy MA-ABE scheme with mediated obfuscation (MA-DCP-ABE-WMO) in which each of the \( AAs \) works independently, without any interaction with other \( AAs \). When issuing a secret key to a user, each of the \( AAs \) uses its own secret to compute a share of the system master secret. Data are encrypted under the public keys of the attribute management domains. To resist collusion attacks, a common pseudorandom function \( PRF( \cdot ) \) is shared among the \( AAs \) and is used to randomize each user’s global identifier \( Gid \). The randomized \( Gid \) is used to unify all target messages that need to be reconstructed from the different management domains. We first introduce the mediated obfuscation (MO) model into the MA-ABE scheme to provide online service, in which the interaction takes place among the data owner, the data user and the mediator. In the MO model, we define a special functional encryption scheme in which the function program can be coded into an element of the multiplicative cyclic group. We obfuscate the function by randomly selecting a blinding factor and performing exponent arithmetic with the base of the function. A special input of the function is constructed to cancel the blinding factor when the obfuscated function is called. As a result, other participants learn nothing about the inner function program but can still evaluate it. Furthermore, the MA-DCP-ABE-WMO scheme is proved to be secure.
Compared with related schemes, our scheme is suitable for dynamic domain management. When management domains are added or removed, the workload to update the original ciphertexts and private keys is dramatically reduced.
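The blinding step described in the abstract can be seen in a toy model of the algebra. This is an added example, not the paper's construction or code: the group parameters, the encoding f_k(x) = G^(k*x) and all function names are assumptions chosen for illustration, and the parameters are far too small to be secure.

```python
import secrets

# Toy parameters, constructed for illustration and far too small for real use.
P = 2039   # safe prime, P = 2*Q + 1
Q = 1019   # prime order of the subgroup of squares modulo P
G = 4      # generator of that order-Q subgroup

def rand_exp(low=1):
    """Uniform exponent in [low, Q-1]."""
    return secrets.randbelow(Q - low) + low

def encode_function(k):
    """Owner: code the secret function f_k(x) = G^(k*x) as one group element."""
    return pow(G, k, P)

def obfuscate(F):
    """Owner: blind the base of the function with a random exponent r != 1."""
    r = rand_exp(low=2)
    return pow(F, r, P), r

def special_input(x, r):
    """Owner: fold r^-1 mod Q into the input so the blinding cancels."""
    return (x * pow(r, -1, Q)) % Q

def evaluate(F_obf, exponent):
    """Mediator: evaluates the obfuscated function; it never sees F, k or r."""
    return pow(F_obf, exponent, P)

def demo():
    k, x = rand_exp(), rand_exp()
    F = encode_function(k)
    F_obf, r = obfuscate(F)
    return {
        "expected": pow(F, x, P),                  # f_k(x) computed directly
        "via_special_input": evaluate(F_obf, special_input(x, r)),
        "via_plain_input": evaluate(F_obf, x),     # blinding not cancelled
        "base_hidden": F_obf != F,
    }

if __name__ == "__main__":
    print(demo())
```

Because F has order Q, raising F^r to x * r^-1 mod Q yields F^x, so only an input prepared with knowledge of r produces the intended output.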
Funding
This study was funded by the National Natural Science Foundation of China (U1736112, 61772009, 61672207), Jiangsu Provincial Natural Science Foundation of China (BK20161511), Jiangsu Key Laboratory of Big Data Security & Intelligent Processing, NJUPT, the Key Research and Development Project of Science Department in Jiangxi Province (20171BBE50065), Anhui University of Natural Science Research Project (KJ2018A0398).
Ethics declarations
Conflict of interest
All authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Communicated by V. Loia.
Cite this article
Li, J., Hu, S., Zhang, Y. et al. A decentralized multi-authority ciphertext-policy attribute-based encryption with mediated obfuscation. Soft Comput 24, 1869–1882 (2020). https://doi.org/10.1007/s00500-019-04018-y
DOI: https://doi.org/10.1007/s00500-019-04018-y