KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

Improving Security and Privacy-Preserving in Multi-Authorities Ciphertext-Policy Attribute-Based Encryption

  • Hu, Shengzhou (College of Computer and Information, Hohai University) ;
  • Li, Jiguo (College of Computer and Information, Hohai University) ;
  • Zhang, Yichen (College of Computer and Information, Hohai University)
  • Received : 2017.12.06
  • Accepted : 2018.03.13
  • Published : 2018.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

Most of existing privacy-preserving multi-authorities attribute-based encryption schemes (PP-MA-ABE) only considers the privacy of the user identity (ID). However, in many occasions information leakage is caused by the disclosing of his/her some sensitive attributes. In this paper, we propose a collusion-resisting ciphertext-policy PP-MA-ABE (CRPP-MACP-ABE) scheme with hiding both user's ID and attributes in the cloud storage system. We present a method to depict anonymous users and introduce a managerial role denoted by IDM for the management of user's anonymous identity certificate ($AID_{Cred}$). The scheme uses $AID_{Cred}$ to realize privacy-preserving of the user, namely, by verifying which attribute authorities (AAs) obtain the blinded public attribute keys, pseudonyms involved in the $AID_{Cred}$ and then distributes corresponding private keys for the user. We use different pseudonyms of the user to resist the collusion attack launched by viciousAAs. In addition, we utilize IDM to cooperate with multiple authorities in producing consistent private key for the user to avoid the collusion attack launched by vicious users. The proposed CRPP-MACP-ABE scheme is proved secure. Some computation and communication costs in our scheme are finished in preparation phase (i.e. user registration). Compared with the existing schemes, our scheme is more efficient.

Keywords

Acknowledgement

Supported by : National Natural Science Foundation of China, Jiangsu Provincial Natural Science Foundation of China, Science Department in Jiangxi Province

References

  1. Hao. Yan, J. Li, J. Han. "A novel efficient remote data possession checking protocol in cloud storage," IEEE Transactions on Information Forensics and Security, Vol. 12, no. 1, pp: 78-88, August, 2017. https://doi.org/10.1109/TIFS.2016.2601070
  2. J. Li, H. Yan, and Y. Zhang. "Certificateless public integrity checking of group shared data on cloud storage," IEEE Transactions on Services Computing, 2018.
  3. H. Li, H. Zhu, S. Du, X. Liang, X. (Sherman) Shen, "Privacy leakage of location sharing in mobile social networks: attacks and defense," IEEE Transactions on Dependable and Secure Computing, August, 2016.
  4. H. Li, Q. Chen, H. Zhu, D. Ma, H. Wen, X. (Sherman) Shen, "Privacy leakage via de-anonymization and aggregation in heterogeneous social networks," IEEE Transactions on Dependable and Secure Computing, 2017,
  5. A. Sahai and B. Waters, "Fuzzy identity-based encryption," in Proc. of 24th Annu. Int.Conf. Theory Appl. Cryptograph. Techn, pp. 457-473, May 22-26, 2005.
  6. V. Goyal, O. Pandey, A. Sahai and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," in Proc. of 13th ACM Conf. Comput. Commun. Security, pp. 89-98, October 30 - November 03, 2006.
  7. J. Li, W. Yao, Y. Zhang, H. Qian and J. Han, "Flexible and fine-grained attribute-based data storage in cloud computing," IEEE Trans. Service Comput, vol. 10, no. 5, pp. 785-796, 2017. https://doi.org/10.1109/TSC.2016.2520932
  8. S.Yu, C. Wang, K. Ren, et al., "Achieving secure, scalable, and fine-grained data access control in cloud computing," in Proc. of IEEE INFOCOM 2010, pp. 1-9, March 14-19, 2010.
  9. K. Yang, X. Jia, R. Kui, "Attributed-based fine-grained access control with efficient revocation in cloud storage systems," in Proc. of the 8th ACM SIGSAC symposium on Information, Computer and Communications Security. ACM, pp. 523-528, May 08 - 10, 2013.
  10. M. Chase, "Multi-authority attribute based encryption," in Proc. of Theory of Cryptography (Lecture Notes in Computer Science), vol. 4392, Heidelberg, Germany: Springer-Verlag, pp. 515-534, 2007.
  11. M. Chase and S. S. Chow, "Improving privacy and security in multi-authority attribute-based encryption," in Proc. of 16th ACM Conf. CCS, pp. 121-130, November 09-13, 2009.
  12. J. Han, W. Susilo, Y. Mu and J. Yan, "Privacy-preserving decentralized key-policy attribute-based encryption," IEEE Transactions on Parallel and Distributed Systems, vol. 23, no. 11, pp. 2150-2162, Nov. 2012. https://doi.org/10.1109/TPDS.2012.50
  13. H. Qian, J. Li and Y. Zhang, "Privacy-preserving decentralized ciphertext-policy attribute-based encryption with fully hidden access structure," in Proc. of Information and Communications Security (Lecture Notes in Computer Science), vol. 8233, Heidelberg, Germany: Springer-Verlag, pp. 363-372, 2013.
  14. H. Qian, J. Li, Y. Zhang and J. Han, "Privacy preserving personal health record using multi-authority attribute-based encryption with revocation," Int. J. Inf. Secur., vol. 14, no. 6, pp. 487-497, November, 2015. https://doi.org/10.1007/s10207-014-0270-9
  15. J. Han, W. Susilo, Y. Mu, et al., "Improving privacy and security in decentralized ciphertext-policy attribute-based encryption," IEEE Transactions on information forensics and security, vol. 10, no. 3, pp. 665-678, Mar. 2015. https://doi.org/10.1109/TIFS.2014.2382297
  16. M. Wang, Z. Zhang, C. Chen, "Security analysis of a privacy-preserving decentralized ciphertext-policy attribute-based encryption scheme," Concurrency & Computation Practice & Experience, vol. 28, no. 4:pp. 1237-1245, August 18, 2016. https://doi.org/10.1002/cpe.3623
  17. J. Bethencourt, A. Sahai and B. Waters, "Ciphertext-policy attribute based encryption," in Proc. of IEEE Symp. SP, pp. 321-334, May, 2007.
  18. R. Ostrovsky, A. Sahai, and B. Waters, "Attribute-based encryption with non-monotonic access structures," in Proc. of 14th ACM Conf. CCS, pp. 195-203, 2007.
  19. A. Lewko, T. Okamoto, A. Sahai, K. Takashima and B. Waters, "Fully secure functional encryption: Attribute-based encryption and (hierarchical) inner product encryption," in Proc. of International Conference on Theory and Applications of Cryptographic Techniques (Lecture Notes in Computer Science), vol. 6110. Heidelberg, Germany: Springer-Verlag, pp. 62-91, May 30 - June 3, 2010.
  20. B. Waters, "Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization," in Proc. of Public Key Cryptography (Lecture Notes in Computer Science), vol. 6571. Heidelberg, Germany: Springer-Verlag, pp. 53-70, March 6-9, 2011.
  21. K. Emura, A. Miyaji, A. Nomura, et al., "A ciphertext-policy attribute-based encryption scheme with constant ciphertext length," in Proc. of International Conference on Information Security Practice and Experience, Springer-Verlag, pp. 13-23, April 13-15, 2009.
  22. J. Li, F. Sha, Y. Zhang, X. Huang and J. Shen. "Verifiable outsourced decryption of attribute-based encryption with constant ciphertext length," Security and Communication Networks, 2017.
  23. Z. Wan, J. Liu, RH. Deng, "HASBE: a hierarchical attribute-based solution for flexible and scalable access control in cloud computing," IEEE Transaction on Information Forensics and Security, vol. 7, no. 2, pp. 743-754, April, 2012. https://doi.org/10.1109/TIFS.2011.2172209
  24. H. Deng, Q. Wu, B. Qin, J. Domingo-Ferrer, L. Zhang, J. Liu, W. Shi. "Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts," Information Sciences. vol. 275, pp. 370-384, August, 2014. https://doi.org/10.1016/j.ins.2014.01.035
  25. Y. Guo, J. Li, Y. Zhang, J. Shen. "Hierarchical attribute-based encryption with continuous auxiliary inputs leakage," Security and Communication Networks, vol. 18, no. 9, pp. 4852-4862, 2016.
  26. J. Hur and D.K. Noh, "Attribute-based access control with efficient revocation in data outsourcing systems," IEEE Trans. Parallel and Distributed Systems, vol. 22, no. 7, pp. 1214-1221, July, 2011. https://doi.org/10.1109/TPDS.2010.203
  27. J. Lai, RH. Deng, Y. Li, "Fully secure ciphertext-policy hiding CP-ABE," in Proc. of International Conference on Information Security Practice and Experience, Springer-Verlag, pp. 24-39, May 30 - June 1, 2011.
  28. J. Li, H. Wang, Y. Zhang, J. Shen. "Ciphertext-policy attribute-based encryption with hidden access policy and testing," KSII Transactions on Internet and Information Systems, vol. 10, no. 7, pp. 3339-3352, July, 2016. https://doi.org/10.3837/tiis.2016.07.026
  29. K. Yang, X. Jia, "Expressive efficient and revocable data access control for multi-authority cloud storage," IEEE Transactions on Parallel and Distributed Systems, vol. 25, no. 7, pp.1735-1744, July, 2014. https://doi.org/10.1109/TPDS.2013.253
  30. Y. Chen, L. Song, G. Yang, "Attribute-based access control for multi-authority systems with constant size ciphertext in cloud computing," China Communication, vol. 13, no. 2, pp. 146-162, February, 2016. https://doi.org/10.1109/CC.2016.7405733
  31. J. Li, W. Yao, J. Han, Y. Zhang and J. Shen, "User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage," IEEE Systems Journal, 2017.
  32. Y. Rahulamathavan, S. Veluru, J. Han, et al., "User collusion avoidance scheme for privacy-preserving decentralized key-policy attribute-based encryption," IEEE Transactions on Computers, vol. 65, no. 9, pp.2939-2946, Sept 9, 2016. https://doi.org/10.1109/TC.2015.2510646
  33. Z. Liu, Z. Cao, Q. Huang, et al., "Fully secure multi-authority ciphertext-policy attribute-based encryption without random oracles," in Proc. of European Conference on Research in Computer Security, Springer-Verlag, pp.278-297, September 12-14, 2011.
  34. J. Li, X. Lin, Y. Zhang and J. Han, "KSF-OABE: outsourced attribute-based encryption with keyword search function for cloud storage," IEEE Trans. Service Comput., 10(5): 715-725, 2017. https://doi.org/10.1109/TSC.2016.2542813
  35. J. Li, Y. Shi, Y. Zhang. "Searchable ciphertext-policy attribute-based encryption with revocation in cloud storage," International Journal of Communication Systems, vol. 30, no. 1, January, 2017.
  36. J. Ning, Z. Cao, X. Dong, H. Ma, L. Wei, K. Liang. "Auditable ${\sigma}$-times outsourced attribute-based encryption for access control in cloud computing". IEEE Transactions on Information Forensics and Security.
  37. J. Li, Y. Wang, Y. Zhang, J. Han. "Full verifiability for outsourced decryption in attribute based encryption," IEEE Transactions on Services Computing, May, 2017.
  38. J. Ning, X. Dong, Z. Cao, L. Wei and X. Lin. "White-box traceable ciphertext-policy attribute-based encryption supporting flexible attributes," IEEE Transactions on Information Forensics and Security, vol. 10, no. 6, pp. 1274-1288, June, 2015. . https://doi.org/10.1109/TIFS.2015.2405905
  39. J. Ning, Z. Cao, X. Dong, and L. Wei. "White-box traceable CP-ABE for cloud storage service: how to catch people leaking their access credentials effectively," IEEE Transactions on Dependable and Secure Computing.
  40. J. Li, Q. Yu, Y. Zhang. "Key-policy attribute-based encryption against continual auxiliary input leakage," Information Sciences, 2018.
  41. Moni Naor, Benny Pinkas and Omer Reingold, "Distributed pseudo-random functions and KDCs," in Proc. of EUROCRYPT' 1999, vol. 1592, pp. 327-346, Springer, April 15, 1999.
  42. D. Boneh, B. Lynn and H. Shacham, "Short signatures from the Weil pairing," J. Cryptology, vol. 17, no.4, pp. 297-319, Sept, 2004. https://doi.org/10.1007/s00145-004-0314-9
  43. A. Beime, "Secure schemes for secret sharing and key distribution," Ph.D. dissertation, Dept. Comput. Sci., Technion-Israel Inst. Technol., Haifa, Israel, 1996.