nach oben

Cluster Computing

Erschienen in:

01.01.2021

PMTER-ABE: a practical multi-authority CP-ABE with traceability, revocation and outsourcing decryption for secure access control in cloud systems

verfasst von: Kamalakanta Sethi, Ankit Pradhan, Padmalochan Bera

Erschienen in: Cluster Computing | Ausgabe 2/2021

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Attribute-based encryption (ABE) has evolved as an efficient and secure method for storage of data with fine-grained access control in cloud platforms. In recent years, increasing diversification in the design of ABE schemes has led to significant research in the assimilation of properties like traceability, revocation, and outsourcing decryption. However, most of the recent ABE schemes incorporate few of these properties and hence lack in robustness to adapt with varying demands of cloud systems. In modern ABE designs, the notions of forward and backward secrecy have been introduced to accommodate the delegation of a large number of heterogeneous users in the system. In general, these features are realized under the concept of user revocation. On the other hand, to control malicious users in the system, it is necessary to implement traceability in integration with user revocation. Finally, for resource-constrained users, outsourcing decryption to proxy servers is a viable option. Thus, we propose PMTER-ABE, a practical decentralized multi-authority traceable and efficiently revocable attribute-based cryptosystem with outsourcing decryption advantage. The key features of our cryptosystem are (i) incorporating large attribute universe with highly expressive policies, (ii) integrating forward and backward secrecy under user revocation, (iii) implementing white-box traceability to detect malicious users, and (iv) outsourcing decryption to reduce the computational overhead of decryption on users. We present the formal proofs for correctness, security, and traceability of PMTER-ABE along with performance analysis. The efficiency and usability of PMTER-ABE is shown with practical implementation and experimental results.

Vorheriger Artikel An efficient policy evaluation engine with locomotive algorithm

Nächster Artikel Cooperative game approach to form overlapping cloud federation based on inter-cloud architecture

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Wei, J., Liu, W., Hu, X.: Secure and efficient attribute-based access control for multiauthority cloud storage. IEEE Syst. J. 12(2), 1731–1742 (2018). https://doi.org/10.1109/JSYST.2016.2633559CrossRef

Chase, M.: Multi-authority attribute based encryption. In: Proceedings of the 4th theory of cryptography conference, Amsterdam, The Netherlands, pp. 515–534 (2007). https://doi.org/10.1007/978-3-540-70936-7_28

Ning, J., Dong, X., Cao Z.Z., Wei, L.: Accountable authority ciphertext-policy attribute-based encryption with white-box traceability and public auditing in the cloud, In: Proc. of the European Symposium on Research in Computer Security, Vienna, pp. 270–289 (2015). https://doi.org/10.1007/978-3-319-24177-7_14

Liu, Z., Cao, Z., Wong, D.S.: White-box traceable ciphertext-policy attribute-based encryption supporting any monotone access structures. IEEE Trans. Inf. Forens. Secur. 8, 76–88 (2013). https://doi.org/10.1109/TIFS.2012.2223683CrossRef

Li, J., Huang, Q., Chen, X., Chow, S.S.M., Wong, D.S., Xie, D.: Multi-authority ciphertext-policy attribute-based encryption with accountability. In: Proc. of the 6th ACM Symposium on Information, Computer, and Communications Security, Hong Kong, pp. 386–390 (2011). https://doi.org/10.1145/1966913.1966964

Zhou, J., Cao, Z., Dong, X., Lin, X.: TR-MABE: White-box traceable and revocable multi-authority attribute-based encryption and its applications to multi-level privacy-preserving e-healthcare cloud computing systems. In: Proceedings of the IEEE INFOCOM 2015, Hong Kong, China, pp. 2398–2406 (2015) https://doi.org/10.1109/INFOCOM.2015.7218628

Liu, Z., Wong, D.S.: Practical attribute-based encryption: traitor tracing. Revocation and large universe. Comput. J. 59(7), 983–1004 (2016). https://doi.org/10.1093/comjnl/bxv101MathSciNetCrossRef

Zhang, K., Li, H., Ma, J., et al.: Efficient large-universe multi-authority ciphertext-policy attribute-based encryption with white-box traceability. Sci. China Inf. Sci. 61, 032102 (2018). https://doi.org/10.1007/s11432-016-9019-8CrossRef

Liang, X., Li, X., Lu, R., Lin, X., Shen, X.: An efficient and secure user revocation scheme in mobile social networks. In: 2011 IEEE Global Telecommunications Conference—GLOBECOM 2011, Kathmandu, pp. 1–5 (2011). https://doi.org/10.1109/GLOCOM.2011.6134273

10.

Yang, K., Jia, X.: Expressive, efficient, and revocable data access control for multi-authority cloud storage. IEEE Trans. Parallel Distrib. Syst. 25(7), 1735–1744 (2014). https://doi.org/10.1109/TPDS.2013.253CrossRef

11.

Hur, J.: Attribute-based secure data sharing with hidden policies in smart grid. IEEE Trans. Parallel Distrib. Syst. 24(11), 2171–2180 (2013). https://doi.org/10.1109/TPDS.2012.61CrossRef

12.

Green, M., Hohenberger, S., Waters, B.: Outsourcing the decryption of ABE ciphertexts. In: Proc. 20th USENIX security symp., pp. 1–16. USENIX Association (2011)

13.

Liu, Z., Jiang, Z.L., Wang, X., Yiu, S.M.: Practical attribute-based encryption: outsourcing decryption, attribute revocation and policy updating. J. Netw. Comput. Appl. 108, 112–123 (2018). https://doi.org/10.1016/j.jnca.2018.01.016CrossRef

14.

Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Proc. Advances in Cryptology-EUROCRYPT, vol. 3494, pp. 457–473. LNCS (2005). https://doi.org/10.1007/11426639_27

15.

Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attibute-based encryption for fine-grained access control of encrypted data. In: Proc. ACM Conf. Computer and Communications Security (ACM CCS), pp. 89-98, Virginia, USA (2006). https://doi.org/10.1145/1180405.1180418

16.

Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: Proc. IEEE Symp. Security and Privacy, Oakland, CA, (2007). https://doi.org/10.1109/SP.2007.11

17.

Lewko, A., Waters, B.: New proof methods for attribute-based encryption: Achieving full security through selective techniques. In: Advances in Cryptology, pp. 180–198. Springer-Verlag, Berlin (2012). https://doi.org/10.1007/978-3-642-32009-5_12

18.

Hohenberger, S., Waters, B.: Attribute-based encryption with fast decryption. In: Public-Key Cryptography, pp. 162–179. Springer-Verlag, Berlin (2013). https://doi.org/10.1007/978-3-642-36362-7_11

19.

Goyal, V., Jain, A., Pandey, O., Sahai, A.: Bounded ciphertext policy attribute-based encryption. In: Automata, Languages and Programming, pp. 579-591. Springer-Verlag, Berlin (2008). https://doi.org/10.1007/978-3-540-70583-3_47

20.

Kalaivani, A., Ananthi, B., Sangeetha, S.: Enhanced hierarchical attribute based encryption with modular padding for improved public auditing in cloud computing using semantic ontology. Cluster Comput. 22, 3783–3790 (2019). https://doi.org/10.1007/s10586-018-2346-1CrossRef

21.

Chase, M., Chow, S.S.: Improving privacy and security in multi-authority attribute based encryption. In: Proc. of the 16th ACM Conference on Computer and Communications Security, pp. 121–130 (2009)

22.

Lewko, A., Waters, B.: Decentralizing attribute-based encryption. In: EUROCRYPT, pp. 568–588 (2011). https://doi.org/10.1007/978-3-642-20465-4_31

23.

Rouselakis, Y., Waters, B.: Practical constructions and new proof methods for large universe attribute-based encryption. In: Proc. of the 20th ACM Conference on Computer and Communications Security, Berlin, pp. 463–574 (2013). https://doi.org/10.1145/2508859.2516672

24.

Rouselakis, Y., Waters, B.: Efficient statically-secure large-universe multi-authority attribute-based encryption. In: Böhme R., Okamoto T. (eds) Financial Cryptography and Data Security. FC 2015. Lecture Notes in Computer Science, vol. 8975. Springer, Berlin, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47854-7_19

25.

Hinek, M.J., Jiang, S., Safavi-Naini, R., Shahandashti, S.F.: Attribute-based encryption with key cloning protection. In: Cryptology ePrint Archive, Report 2008/478 (2008)

26.

Ning, J., Dong, X., Cao, Z., Wei, L., Lin, X.: White-box traceable ciphertext-policy attribute-based encryption supporting flexible attributes. IEEE Trans. Inf. Forens. Secur. 10(6), 1274–1288 (2015). https://doi.org/10.1109/TIFS.2015.2405905CrossRef

27.

Qiaoab, H., Rena, J., Wanga, Z., Baa, H., Zhoua, H.: Compulsory traceable ciphertext-policy attribute-based encryption against privilege abuse in fog computing. Future Gener. Comput. Syst. 88, 107–116 (2018). https://doi.org/10.1016/j.future.2018.05.032CrossRef

28.

Ning, J.T., Cao, Z.F., Dong, X.L., Wei, L.: Traceable and revocable CP-ABE with shorter ciphertexts. Sci. China Inf. Sci. 59, 119102 (2016)CrossRef

29.

Wang, Y.T., Chen, K.F., Long, Y., Liu, Z.: Accountable authority key policy attribute-based encryption. Sci. China Inf. Sci., 1631–1638 (2012). https://doi.org/10.1007/s11432-012-4594-7

30.

Sethi, K., Pradhan, A., Bera, P.: Practical traceable multi-authority CP-ABE with outsourcing decryption and access policy updation. J. Inf. Securi. Appl. 51, 102435 (2020). https://doi.org/10.1016/j.jisa.2019.102435CrossRef

31.

Ning, J., Cao, Z., Dong, X., Wei, L.: White-box traceable CP-ABE for Cloud storage service: how to catch people leaking their access credentials effectively. In: IEEE Transactions on Dependable and Secure Computing, vol. 15, no. 5, pp. 883–897 (2018). https://doi.org/10.1109/TDSC.2016.2608343

32.

Yan, X., He, X., Yu, J., Tang, Y.: White-box traceable ciphertext-policy attribute-based encryption in multi-domain environment. IEEE Access 7, 128298–128312 (2019). https://doi.org/10.1109/ACCESS.2019.2939413CrossRef

33.

Yang, K., Jia, X., Ren, K., Zhang, B.: DAC-MACS: Effective data access control for multi-authority cloud storage systems. In: 2013 Proceedings IEEE INFOCOM, Turin, pp. 2895–2903 (2013). https://doi.org/10.1109/INFCOM.2013.6567100

34.

Li, Q., Ma, J., Li, R., Liu, X., Xiong, J., Chen, D.: Secure, efficient and revocable multi-authority access control system in cloud storage. Comput. Secur. 59, 45–59 (2016). https://doi.org/10.1016/j.cose.2016.02.002CrossRef

35.

Li, J., Yao, W., Han, J., Zhang, Y., Shen, J.: User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage. IEEE Syst. J. 12(2), 1767–1777 (2018). https://doi.org/10.1109/JSYST.2017.2667679CrossRef

36.

Chow, S.S.M.: A framework of multi-authority attribute-based encryption with outsourcing and revocation. In: Proc. 21st ACM Symp. Access Control Models Technol., pp. 215–226 (2016). https://doi.org/10.1145/2914642.2914659

37.

Li, M., Yu, S., Zheng, Y., Ren, K., Lou, W.: Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24(1), 131–143 (2013). https://doi.org/10.1109/TPDS.2012.97CrossRef

38.

Liang, X., Li, X., Lu, R., Lin, X., Shen, X.: An efficient and secure user revocation scheme in mobile social networks. In: Proc. IEEE GLOBECOM 2011, pp. 1–5 (2011). https://doi.org/10.1109/GLOCOM.2011.6134273

39.

Sahai, A., Seyalioglu, H., Waters, B.: Dynamic credentials and ciphertext delegation for attribute-based encryption. In: Advances in Cryptology, pp. 199-217. Springer-Verlag, Berlin (2012)

40.

Florence, M.L., Suresh, D.: Enhanced secure sharing of PHR’s in cloud using user usage based attribute based encryption and signature with keyword search. Cluster Comput. 22, 13119–13130 (2019). https://doi.org/10.1007/s10586-017-1276-7CrossRef

41.

Liu, Z., Duan, S., Zhou, P., Wang, B.: Traceable-then-revocable ciphertext-policy attribute-based encryption scheme. In: Future Generation Computer Systems, vol. 93, pp. 903–913 (2019) ISSN 0167-739X. https://doi.org/10.1016/j.future.2017.09.045

42.

Ning, J., Cao, Z., Dong, X., Liang, K., Ma, H., Wei, L.: Auditable -time outsourced attribute-based encryption for access control in cloud computing. IEEE Trans. Inf. Forens. Secur. 13(1), 94–105 (2018). https://doi.org/10.1109/TIFS.2017.2738601CrossRef

43.

Li, J., Wang, Y., Zhang, Y., Han, J.: Full verifiability for outsourced decryption in attribute based encryption. In: IEEE Transactions on Services Computing, vol. 13, no. 3, pp. 478-487 (2020). https://doi.org/10.1109/TSC.2017.2710190

44.

Chow, S.S.M.: A framework of multi-authority attribute-based encryption with outsourcing and revocation. In: Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies (SACMAT’16). ACM, New York, pp. 215–226 (2016). https://doi.org/10.1145/2914642.2914659

45.

Li, J., Sha, F., Zhang, Y., Huang, X., Shen, J.: Verifiable outsourced decryption of attribute-based encryption with constant ciphertext length. Secur. Commun. Netw. (2017). https://doi.org/10.1155/2017/3596205CrossRef

46.

Jiang, Z.L., Zhang, R., Liu, Z., Yiu, S., Hui, L.C., Wang, X., Fang, J.: A revocable outsourcing attribute-based encryption scheme. In: Proc. CloudComp 2016, Guangzhou, China, November 25–26, pp. 145–161. Springer-Verlag, Cham (2016)

47.

Tu, Y., Yang, G., Wang, J., et al.: A secure, efficient and verifiable multimedia data sharing scheme in fog networking system. Cluster Comput. (2020). https://doi.org/10.1007/s10586-020-03101-6CrossRef

48.

Beimel, A.: Secure schemes for secret sharing and key distribution. Ph.D. dissertation, Faculty Comput. Sci., Technion-Israel Inst. Technol., Haifa, Israel (1996)

49.

Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: PKC (2011). https://doi.org/10.1007/978-3-642-19379-8_4

50.

Boldyreva, A., Goyal, V., Kumar, V.: Identity-based encryption with efficient revocation. In: Proc. 15th ACM Conf. Comput. Commun. Security, pp. 417–426 (2008). https://doi.org/10.1145/1455770.1455823

51.

Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. J. Cryptol. 20(3), 265–294 (2007). https://doi.org/10.1007/3-540-39200-9_16MathSciNetCrossRefMATH

52.

Boneh, D., Boyen, X.: Short signatures without random oracles and the SDH assumption in bilinear groups. J. Crypt. (2008). https://doi.org/10.1007/s00145-007-9005-7MathSciNetCrossRefMATH

53.

Chen, J., Ma, H.: Efficient decentralized attribute-based access control for cloud storage with user revocation. In: 2014 IEEE International Conference on Communications (ICC), Sydney, NSW, pp. 3782–3787 (2014). https://doi.org/10.1109/ICC.2014.6883910

54.

Li, Q., Zhu, H., Ying, Z., Zhang, T.: Traceable ciphertext-policy attribute-based encryption with verifiable outsourced decryption in eHealth cloud. Wirel. Commun. Mobile Comput. (2018). https://doi.org/10.1155/2018/1701675CrossRef

55.

Akinyele, J.A., Garman, C., Miers, I., Pagano, M.W., Rushanan, M., Green, M., Rubin, A.D.: Charm: a framework for rapidly prototyping cryptosystems. J. Cryptogr. Eng. (2013). https://doi.org/10.1007/s13389-013-0057-3CrossRef

Titel: PMTER-ABE: a practical multi-authority CP-ABE with traceability, revocation and outsourcing decryption for secure access control in cloud systems
verfasst von: Kamalakanta Sethi
Ankit Pradhan
Padmalochan Bera
Publikationsdatum: 01.01.2021
Verlag: Springer US
Erschienen in: Cluster Computing / Ausgabe 2/2021
Print ISSN: 1386-7857
Elektronische ISSN: 1573-7543
DOI: https://doi.org/10.1007/s10586-020-03202-2

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2021

Parallel deterministic local search heuristic for minimum latency problem

CCS-OSSR: A framework based on Hybrid MCDM for Optimal Service Selection and Ranking of Cloud Computing Services

Platonica: an efficient and high-performance dual-centric data center network architecture

Power efficient virtual machine placement in cloud data centers with a discrete and chaotic hybrid optimization algorithm

Migrating legacy Web applications

Dynamic large branching hash tree based secure and efficient dynamic auditing protocol for cloud environment

Premium Partner