AnonyControl: Control Cloud Data Anonymously with Multi-Authority Attribute-Based Encryption

Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. However, those advantages, ironically, are the causes of security and privacy problems, which emerge because the data owned by different users are stored in some cloud servers instead of under their own control. To deal with security problems, various schemes based on the Attribute- Based Encryption (ABE) have been proposed recently. However, the privacy problem of cloud computing is yet to be solved. This paper presents an anonymous privilege control scheme AnonyControl to address the user and data privacy problem in a cloud. By using multiple authorities in cloud computing system, our proposed scheme achieves anonymous cloud data access, finegrained privilege control, and more importantly, tolerance to up to (N -2) authority compromise. Our security and performance analysis show that AnonyControl is both secure and efficient for cloud computing environment.Comment: 9 pages, 6 figures, 3 tables, conference, IEEE INFOCOM 201

PHOABE : securely outsourcing multi-authority attribute based encryption with policy hidden for cloud assisted IoT

Attribute based encryption (ABE) is an encrypted access control mechanism that ensures efficient data sharing among dynamic group of users. Nevertheless, this encryption technique presents two main drawbacks, namely high decryption cost and publicly shared access policies, thus leading to possible users’ privacy leakage. In this paper, we introduce PHOABE, a Policy-Hidden Outsourced ABE scheme. Our construction presents several advantages. First, it is a multi-attribute authority ABE scheme. Second, the expensive computations for the ABE decryption process is partially delegated to a Semi Trusted Cloud Server. Third, users’ privacy is protected thanks to a hidden access policy. Fourth, PHOABE is proven to be selectively secure, verifiable and policy privacy preserving under the random oracle model. Five, estimation of the processing overhead proves its feasibility in IoT constrained environments

CP-ABE Access Control Scheme for Sensitive Data Set Constraint with Hidden Access Policy and Constraint Policy

CP-ABE (Ciphertext-Policy Attribute-Based Encryption) with hidden access control policy enables data owners to share their encrypted data using cloud storage with authorized users while keeping the access control policies blinded. However, a mechanism to prevent users from achieving successive access to a data owner’s certain number of data objects, which present a conflict of interest or whose combination thereof is sensitive, has yet to be studied. In this paper, we analyze the underlying relations among these particular data objects, introduce the concept of the sensitive data set constraint, and propose a CP-ABE access control scheme with hidden attributes for the sensitive data set constraint. This scheme incorporates extensible, partially hidden constraint policy. In our scheme, due to the separation of duty principle, the duties of enforcing the access control policy and the constraint policy are divided into two independent entities to enhance security. The hidden constraint policy provides flexibility in that the data owner can partially change the sensitive data set constraint structure after the system has been set up

Ciphertext-Policy Attribute Based Encryption with Selectively-Hidden Access Policy

In conventional Ciphertext-Policy Attribute-Based Encryption (CP-ABE), the access policy appears in plaintext form that might reveal confidential user information and violate user privacy. CP-ABE with hidden access policies hides all attributes, but the computational burden increases due to the attribute hiding. In this paper, we present a Linear Secret Sharing Scheme (LSSS) access structure CP-ABE scheme that hides only sensitive attributes, rather than all attributes, in the access policy. We also provide an attribute selection method to choose these sensitive attributes and use an Attribute Bloom Filter (ABF) to hide them. Compared with the existing major CP-ABE schemes with hidden access policies, our proposed scheme is flexible in selecting attributes to hide. This scheme enhances the efficiency of policy hiding while still protecting policy privacy. Test results show that our approach is reasonable and feasible