Attribute-Based Encryption Optimized for Cloud Computing

Abstract. In this work, we aim to make attribute-based encryption (ABE) more suitable for access control to data stored in the cloud. For this purpose, we concentrate on giving to the encryptor full control over the access rights, providing feasible key management even in case of multiple independent authorities, and enabling viable user revocation, which is essential in practice. Our main result is an extension of the decentralized CP-ABE scheme of Lewko and Waters [LW11] with identity-based user revocation. Our revocation system is made feasible by removing the computational burden of a revocation event from the cloud service provider, at the expense of some permanent, yet acceptable overhead of the encryption and decryption algorithms run by the users. Thus, the computation overhead is distributed over a potentially large number of users, instead of putting it on a single party (e.g., a proxy server), which would easily lead to a performance bottleneck. Besides describing our scheme, we also give a formal proof of its security in the generic bilinear group and random oracle models.

Mediated Ciphertext-Policy Attribute-Based Encryption and its Application (extended version)

In Ciphertext-Policy Attribute-Based Encryption (CP-ABE), a user secret key is associated with a set of attributes, and the ciphertext is associated with an access policy over attributes. The user can decrypt the ciphertext if and only if the attribute set of his secret key satisfies the access policy specified in the ciphertext. Several CP-ABE schemes have been proposed, however, some practical problems, such as attribute revocation, still needs to be addressed. In this paper, we propose a mediated Ciphertext-Policy Attribute-Based Encryption (mCP-ABE) which extends CP-ABE with instantaneous attribute revocation. Furthermore, we demonstrate how to apply the proposed mCP-ABE scheme to securely manage Personal Health Records (PHRs)

Offline privacy preserving proxy re-encryption in mobile cloud computing

This paper addresses the always online behavior of the data owner in proxy re- encryption schemes for re-encryption keys issuing. We extend and adapt multi-authority ciphertext policy attribute based encryption techniques to type-based proxy re-encryption to build our solution. As a result, user authentication and user authorization are moved to the cloud server which does not require further interaction with the data owner, data owner and data users identities are hidden from the cloud server, and re-encryption keys are only issued to legitimate users. An in depth analysis shows that our scheme is secure, flexible and efficient for mobile cloud computing

Attribute-based encryption for cloud computing access control: A survey

National Research Foundation (NRF) Singapore; AXA Research Fun

Secure Management of Personal Health Records by Applying Attribute-Based Encryption

The confidentiality of personal health records is a major problem when patients use commercial Web-based systems to store their health data. Traditional access control mechanisms, such as Role-Based Access Control, have several limitations with respect to enforcing access control policies and ensuring data confidentiality. In particular, the data has to be stored on a central server locked by the access control mechanism, and the data owner loses control on the data from the moment when the data is sent to the requester. Therefore, these mechanisms do not fulfil the requirements of data outsourcing scenarios where the third party storing the data should not have access to the plain data, and it is not trusted to enforce access control policies. In this paper, we describe a new approach which enables secure storage and controlled sharing of patient’s health records in the aforementioned scenarios. A new variant of a ciphertext-policy attribute-based encryption scheme is proposed to enforce patient/organizational access control policies such that everyone can download the encrypted data but only authorized users from the social domain (e.g. family, friends, or fellow patients) or authorized users from the professional\ud domain (e.g. doctors or nurses) are allowed to decrypt it

Novel Techniques for Secure Use of Public Cloud Computing Resources

The federal government has an expressed interest in moving data and services to third party service providers in order to take advantage of the flexibility, scalability, and potential cost savings. This approach is called cloud computing. The thesis for this research is that efficient techniques exist to support the secure use of public cloud computing resources by a large, federated enterprise. The primary contributions of this research are the novel cryptographic system MA-AHASBE (Multi-Authority Anonymous Hierarchical Attribute-Set Based Encryption), and the techniques used to incorporate MA-AHASBE in a real world application. Performance results indicate that while there is a cost associated with enforcing the suggested security model, the cost is not unreasonable and the benefits in security can be significant. The contributions of this research give the DoD additional tools for supporting the mission while taking advantage of the cost efficient public cloud computing resources that are becoming widely available

Distributed Multi-authority Attribute-based Encryption Scheme for Friend Discovery in Mobile Social Networks

AbstractIn recent years, the rapid expansion of the capability of portable devices, cloud servers and cellular network technologies is the wind beneath the wing of mobile social networks. Compared to traditional web-based online social networks, the mobile social networks can assist users to easily discover and make new social interaction with others. A challenging task is to protect the privacy of the users’ profiles and communications. Existing works are mainly based on traditional cryptographic methods, such as homomorphic and group signatures, which are very computationally costly. In this paper, we propose a novel distributed multi-authority attribute-based encryption scheme to efficiently achieve privacy-preserving without additional special signatures. In addition, the proposed scheme can achieve fine-grained and flexible access control. Detailed analysis demonstrates the effectiveness and practicability of our scheme

Fine-Grained Access Control Systems Suitable for Resource-Constrained Users in Cloud Computing

For the sake of practicability of cloud computing, fine-grained data access is frequently required in the sense that users with different attributes should be granted different levels of access privileges. However, most of existing access control solutions are not suitable for resource-constrained users because of large computation costs, which linearly increase with the complexity of access policies. In this paper, we present an access control system based on ciphertext-policy attribute-based encryption. The proposed access control system enjoys constant computation cost and is proven secure in the random oracle model under the decision Bilinear Diffie-Hellman Exponent assumption. Our access control system supports AND-gate access policies with multiple values and wildcards, and it can efficiently support direct user revocation. Performance comparisons indicate that the proposed solution is suitable for resource-constrained environment