
Flexible CP-ABE Based Access Control on Encrypted Data for Mobile Users in Hybrid Cloud System

  • Regular Paper
  • Journal of Computer Science and Technology

Abstract

In hybrid cloud computing, encrypted data access control can provide a fine-grained access method that lets organizations enforce access rules closely matching their organizational policies. This paper presents an improved CP-ABE (ciphertext-policy attribute-based encryption) scheme for constructing an encrypted data access control solution suitable for mobile users in a hybrid cloud system. In our improvement, we split the original decryption keys into a control key, a secret key and a set of transformation keys. The private cloud, managed by the organization administrator, is responsible for updating the transformation keys using the control key, which helps to handle flexible access management and attribute alteration. Meanwhile, both the mobile user's single secret key and the ciphertext remain unchanged even if the data user's attribute has been revoked. In addition, we modify the access control list by adding the attributes together with the corresponding control key and transformation keys, so as to manage user privileges depending upon the system version. Finally, the analysis shows that our scheme is secure, flexible and efficient for use in mobile hybrid cloud computing.



Author information

Corresponding author

Correspondence to Wen-Min Li.


About this article


Cite this article

Li, WM., Li, XL., Wen, QY. et al. Flexible CP-ABE Based Access Control on Encrypted Data for Mobile Users in Hybrid Cloud System. J. Comput. Sci. Technol. 32, 974–990 (2017). https://doi.org/10.1007/s11390-017-1776-1


  • DOI: https://doi.org/10.1007/s11390-017-1776-1
