Securely outsourcing the ciphertext-policy attribute-based encryption

Attribute-based Encryption (ABE) is a new and promising public key encryption that allows fine-grained authorization on data based on user attributes. Such property is favorable for multiple applications that require encrypted storage or access control on data, in particular: eHealth applications. However, ABE schemes are known not to be efficient in the encryption phase because ciphertext size and the time required to encrypt grow with the complexity of the access policy. Such drawback is critical in the context of pervasive computing, for instance, in the Internet of Things, where data producers are usually resource-constrained devices, e.g. smart phones or sensing platforms. In this work, we propose OEABE standing for Outsourcing mechanism for the Encryption of Ciphertext-Policy ABE (CP-ABE). We show how a user can offload expensive operations of CP-ABE encryption to a semi-trusted party in a secure manner. Our proposed mechanism requires only one exponentiation on resource-constrained devices. We provide also an informal security analysis of possible attacks from a semi-honest adversary against the proposed solution. To demonstrate the performance gains of our mechanism, we first conducted a performance estimation on an emulated Wismote sensor platform. Then, we implemented our proposal and did comparison to an existing implementation of CP-ABE on a laptop.