Attribute-based encryption for cloud computing access control: A survey

National Research Foundation (NRF) Singapore; AXA Research Fun

An Efficient CP-ABE with Constant Size Secret Keys using ECC for Lightweight Devices

The energy cost of asymmetric cryptography is a vital component of modern secure communications, which inhibits its wide spread adoption within the ultra-low energy regimes such as Implantable Medical Devices (IMDs) and Radio Frequency Identification (RFID) tags. The ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic tool, where an encryptor can decide the access policy that who can decrypt the data. Thus, the data will be protected from the unauthorized users. However, most of the existing CP-ABE schemes require huge storage and computational overheads. Moreover, CP-ABE schemes based on bilinear map loose the high efficiency over the elliptic curve cryptography because of the requirement of the security parameters of larger size. These drawbacks prevent the use of ultra-low energy devices in practice. In this paper, we aim to propose a novel expressive AND-gate access structured CP-ABE scheme with constant-size secret keys (CSSK) with the cost efficient solutions for the encryption and decryption using ECC, called the CP-ABE-CSSK scheme. In the proposed CP-ABE-CSSK, the size of secret key is as small as 320 bits. In addition, ECC is efficient and more suitable for the lightweight devices as compared to the bilinear pairing based cryptosystem. Thus, the proposed CP-ABE-CSSK scheme provides the low computation and storage overheads with an expressive AND-gate access structure as compared to the related existing schemes in the literature. As a result, our scheme is very suitable for CP-ABE key storage and computation cost in the ultra-low energy devices

Constant-size threshold attribute based SignCryption for cloud applications

In this paper, we propose a novel constant-size threshold attribute-based signcryption scheme for securely sharing data through public clouds. Our proposal has several advantages. First, it provides flexible cryptographic access control, while preserving users’ privacy as the identifying information for satisfying the access control policy are not revealed. Second, the proposed scheme guarantees both data origin authentication and anonymity thanks to the novel use of attribute based signcryption mechanism, while ensuring the unlinkability between the different access sessions. Third, the proposed signcryption scheme has efficient computation cost and constant communication overhead whatever the number of involved attributes. Finally, our scheme satisfies strong security properties in the random oracle model, namely Indistinguishability against the Adaptive Chosen Ciphertext Attacks (IND-CCA2), Existential Unforgeability against Chosen Message Attacks (EUFCMA) and privacy preservation of the attributes involved in the signcryption process, based on the assumption that the augmented Multi-Sequence of Exponents Decisional Diffie-Hellman (aMSE-DDH) problem and the Computational Diffie Hellman Assumption (CDH) are hard

Attribute-based encryption with encryption and decryption outsourcing

In this paper we propose a new scheme for ciphertext-policy attribute-based encryption that allows outsourcing of computationally expensive encryption and decryption steps. The scheme constitutes an important building block for mobile applications where both the host and users use mobile devices with limited computational power. In the proposed scheme, during encryption the host involves a semi-trusted proxy to encrypt a partially encrypted (by the host) message according to an access policy provided by the host. The proxy is unable to learn the message from this partially encrypted text. A user can only decrypt the stored ciphertext if he possesses secret keys associated with a set of attributes that satisfies the associated policy. To reduce computational load in the decryption step, the user, in his turn, involves a semi-trusted proxy (e.g. a cloud) by deploying the scheme of Green et al. (2011). The cloud is given a transformation key that facilitates construction of an El Gamal-ciphertext from the original ciphertext if the user\u27s attributes satisfy the ciphertext. This El Gamal-ciphertext can be then efficiently decrypted on the user\u27s resource-constrained device. The resulting ABE scheme with encryption and decryption outsourcing is proven to be secure in the generic group model

Analysis of Cryptographic Techniques for Attribute based Data Sharing

Now a day’s most of the people move their data to cloud services due to which it saves enormous cost. But they are taken aback due to one main reason “Security”. The vulnerabilities of cloud storage are extremely high, even the leading service providers have been compromised at some point .This paper is focusing on various modern techniques like key policy attribute based encryption, Ciphertext policy attribute based encryption, Hierarchical attribute based Encryption are discussed. So that it will be helpful for us to provide more security against vulnerabilities in cloud storage that are identified to be exploited. DOI: 10.17762/ijritcc2321-8169.150515

Constant-size ciphertexts in threshold attribute-based encryption without dummy attributes

Attribute-based encryption (ABE) is an augmentation of public key encryption that allows users to encrypt and decrypt messages based on users’ attributes. In a ( t, s ) threshold ABE, users who can decrypt a ciphertext must hold at least t attributes among the s attributes specified by the encryptor. At PKC 2010, Herranz, Laguillaumie and Ràfols proposed the first threshold ABE with constant-size ciphertexts. In order to ensure the encryptor can flexibly select the attribute set and a threshold value, they use dummy attributes to satisfy the decryption requirement. The advantage of their scheme is that any addition or removal of the attributes will not require any change to users’ private keys or public parameters. Unfortunately, the need for dummy attributes makes their scheme inefficient, since the computational cost of encryption is linear to the size of selected attribute set and dummy attribute set. In this work, we improve Herranz et al.’s work, and propose a new threshold ABE scheme which does not use any dummy attribute . Our scheme not only retains the nice feature of Herranz et al.’s scheme, but also offers two improvements in comparison to the previous work. Firstly, the computational costs of encryption and decryption are only linear in the size of the selected attribute set. Secondly, without any dummy attribute, most of the computations can be conducted without the knowledge of the threshold t . Hence, threshold change in the encryption phase does not require complete recomputation of the ciphertext

An Innovative Approach for Enhancing Cloud Data Security using Attribute based Encryption and ECC

Cloud computing is future for upcoming generations. Nowadays various companies are looking to use Cloud computing services, as it may benefit them in terms of price, reliability and unlimited storage capacity. Providing security and privacy protection for the cloud data is one of the most difficult task in recent days. One of the measures which customers can take care of is to encrypt their data before it is stored on the cloud. Recently, the attribute-based encryption (ABE) is a popular solution to achieve secure data transmission and storage in the cloud computing. In this paper, an efficient hybrid approach using attribute-based encryption scheme and ECC is proposed to enhance the security and privacy issues in cloud. Here, the proposed scheme is based on Cipher text-Policy Attribute Based Encryption (CP-ABE) without bilinear pairing operations. In this approach, the computation-intensive bilinear pairing operation is replaced by the scalar multiplication on elliptic curves. Experimental results show that the proposed scheme has good cryptographic properties, and high security level which depends in the difficulty to solve the discrete logarithm problem on elliptic curves (ECDLP)

Secure data sharing in cloud and IoT by leveraging attribute-based encryption and blockchain

“Data sharing is very important to enable different types of cloud and IoT-based services. For example, organizations migrate their data to the cloud and share it with employees and customers in order to enjoy better fault-tolerance, high-availability, and scalability offered by the cloud. Wearable devices such as smart watch share user’s activity, location, and health data (e.g., heart rate, ECG) with the service provider for smart analytic. However, data can be sensitive, and the cloud and IoT service providers cannot be fully trusted with maintaining the security, privacy, and confidentiality of the data. Hence, new schemes and protocols are required to enable secure data sharing in the cloud and IoT. This work outlines our research contribution towards secure data sharing in the cloud and IoT. For secure data sharing in the cloud, this work proposes several novel attribute-based encryption schemes. The core contributions to this end are efficient revocation, prevention of collusion attacks, and multi-group support. On the other hand, for secure data sharing in IoT, a permissioned blockchain-based access control system has been proposed. The system can be used to enforce fine-grained access control on IoT data where the access control decision is made by the blockchain-based on the consensus of the participating nodes”--Abstract, page iv