Constant-Size Ciphertext-Policy Attribute-Based Data Access and Outsourceable Decryption Scheme

  • 한창희 (Department of Computer Science, Korea University)
  • 허준범 (Department of Computer Science, Korea University)
  • Received : 2016.05.10
  • Accepted : 2016.06.10
  • Published : 2016.08.15

Abstract

Sharing data among multiple users on public storage, e.g., the cloud, is considered efficient because the cloud provides on-demand computing services anytime and anywhere. Secure data sharing is achieved through fine-grained access control. Existing symmetric and public-key encryption schemes are not suitable for secure data sharing because they support only a one-to-one relationship between a ciphertext and a secret key. Attribute-based encryption supports fine-grained access control; however, its ciphertext size grows linearly with the number of attributes. Additionally, the decryption process has a high computational cost, which makes it impractical in resource-constrained environments. In this study, we propose an efficient attribute-based secure data sharing scheme with outsourceable decryption. The proposed scheme guarantees constant-size ciphertexts irrespective of the number of attributes. With static attributes, the user's computation cost is reduced by delegating approximately 95.3% of decryption operations to the more powerful storage system, whereas with dynamic attributes 72.3% of decryption operations are outsourced.

Acknowledgement

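Grant: Development of an active security control system for the safe use of the public cloud

Supported by: National Research Foundation of Korea; Institute for Information & Communications Technology Promotion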
