Journal Article, DOI: 10.1109/TKDE.2011.78
Improving Security and Efficiency in Attribute-Based Data Sharing
410
TL;DR: This study proposes a novel CP-ABE scheme for a data sharing system by exploiting the characteristic of the system architecture and features the following achievements: the key escrow problem could be solved by escrow-free key issuing protocol, which is constructed using the secure two-party computation between the key generation center and the data-storing center, and fine-grained user revocation per each attribute could be done by proxy encryption.
Abstract: With the recent adoption and diffusion of the data sharing paradigm in distributed systems such as online social networks or cloud computing, there have been increasing demands and concerns for distributed data security. One of the most challenging issues in data sharing systems is the enforcement of access policies and the support of policies updates. Ciphertext policy attribute-based encryption (CP-ABE) is becoming a promising cryptographic solution to this issue. It enables data owners to define their own access policies over user attributes and enforce the policies on the data to be distributed. However, the advantage comes with a major drawback which is known as a key escrow problem. The key generation center could decrypt any messages addressed to specific users by generating their private keys. This is not suitable for data sharing scenarios where the data owner would like to make their private data only accessible to designated users. In addition, applying CP-ABE in the data sharing system introduces another challenge with regard to the user revocation since the access policies are defined only over the attribute universe. Therefore, in this study, we propose a novel CP-ABE scheme for a data sharing system by exploiting the characteristic of the system architecture. The proposed scheme features the following achievements: 1) the key escrow problem could be solved by escrow-free key issuing protocol, which is constructed using the secure two-party computation between the key generation center and the data-storing center, and 2) fine-grained user revocation per each attribute could be done by proxy encryption which takes advantage of the selective attribute group key distribution on top of the ABE. The performance and security analyses indicate that the proposed scheme is efficient to securely manage the data distributed in the data sharing system.
Citations
An Efficient File Hierarchy Attribute-Based Encryption Scheme in Cloud Computing
TL;DR: An efficient file hierarchy attribute-based encryption scheme is proposed in cloud computing that combines layered access structures into a single access structure, and then, the hierarchical files are encrypted with the integrated access structure.
310
User Collusion Avoidance CP-ABE With Efficient Attribute Revocation for Cloud Storage
TL;DR: This work formalizes the definition and security model, which model collusion attack executed by the existing users cooperating with the revoked users, and presents a user collusion avoidance ciphertext-policy ABE scheme with efficient attribute revocation for the cloud storage system.
233
Privacy Preserving Ranked Multi-Keyword Search for Multiple Data Owners in Cloud Computing
TL;DR: To enable cloud servers to perform secure search without knowing the actual data of both keywords and trapdoors, a novel secure search protocol is systematically constructed and a novel additive order and privacy preserving function family is proposed.
181
Patent
Adaptive multi-interface use for content networking
Van L. Jacobson, James D. Thornton
- 23 Dec 2014
TL;DR: In this article, a hierarchical structured variable-length identifier (HSVLI) is used to indicate a piece of content and indicate a hierarchical structure of contiguous components ordered from a most general level to a most specific level.
181
An efficient access control scheme with outsourcing capability and attribute update for fog computing
Peng Zhang, Zehong Chen, Joseph K. Liu, Kaitai Liang, Hongwei Liu
- 01 Jan 2018
TL;DR: This paper proposes the first access control (CP-ABE) scheme supporting outsourcing capability and attribute update for fog computing, and the security analysis shows that the proposed scheme is secure under the decisional bilinear Diffie–Hellman assumption.
177
References
Identity-Based Encryption from the Weil Pairing
Dan Boneh, Matthew K. Franklin
- 19 Aug 2001
TL;DR: This work proposes a fully functional identity-based encryption scheme (IBE) based on the Weil pairing that has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem.
Attribute-based encryption for fine-grained access control of encrypted data
Vipul Goyal, Omkant Pandey, Amit Sahai, Brent Waters
- 30 Oct 2006
TL;DR: This work develops a new cryptosystem for fine-grained sharing of encrypted data that is compatible with Hierarchical Identity-Based Encryption (HIBE), and demonstrates the applicability of the construction to sharing of audit-log information and broadcast encryption.
Ciphertext-Policy Attribute-Based Encryption
John Bethencourt, Amit Sahai, Brent Waters
- 20 May 2007
TL;DR: A system for realizing complex access control on encrypted data that is conceptually closer to traditional access control methods such as role-based access control (RBAC) and secure against collusion attacks is presented.
Identity-Based Encryption from the Weil Pairing
Dan Boneh, Matthew K. Franklin
TL;DR: This work proposes a fully functional identity-based encryption (IBE) scheme based on bilinear maps between groups and gives precise definitions for secure IBE schemes and gives several applications for such systems.
Fuzzy identity-based encryption
Amit Sahai, Brent Waters
- 22 May 2005
TL;DR: In this article, a new type of identity-based encryption called Fuzzy Identity-Based Encryption (IBE) was introduced, where an identity is viewed as a set of descriptive attributes, and a private key for an identity can decrypt a ciphertext encrypted with an identity if and only if the identities are close to each other as measured by the set overlap distance metric.