2 research outputs found

    KP-ABE based Verifiable Cloud Access Control Scheme

    With the rapid development of the mobile internet, mobile devices require more complex authorization policies to ensure secure access control on mobile data. However, mobiles have limited resources (computing, storage, etc.) and are not suitable for executing complex operations. Cloud computing is an increasingly popular paradigm for accessing powerful computing resources. Intuitively, we can solve that problem by moving the complex access control process to the cloud and implementing fine-grained access control relying on the powerful cloud. However, the cloud computation may not be trusted, so a crucial problem is how to verify the correctness of such computations. In this paper, we propose a publicly verifiable cloud access control scheme based on Parno's publicly verifiable computation protocol. For the first time, we propose the concept and a concrete construction of verifiable cloud access control. Specifically, we first design a Key Policy Attribute Based Encryption (KP-ABE) scheme with revocable user private keys and a non-monotonic access structure, which can be combined with the XACML policy perfectly. Second, we convert the XACML policy into the access structure of KP-ABE. Finally, we construct a provably secure, publicly verifiable cloud access control scheme based on the KP-ABE scheme we designed.

    Towards Attribute Revocation in Key-Policy Attribute Based Encryption

    Attribute revocation is important to attribute-based encryption (ABE). The existing ABE schemes supporting revocation mainly focus on the revocation of the user's identity, which can only revoke all of the user's attributes by revoking the user's identity. In some cases, we wish to revoke one attribute of a user instead of all the attributes issued to him, without affecting any other user's private key, such that the user can still use his private key to decrypt as long as his unrevoked attributes satisfy the decryption condition. In this paper, we propose two KP-ABE schemes realizing attribute revocation under the direct revocation model. © 2011 Springer-Verlag. National Natural Science Foundation of China (NSFC); Shandong University (SDU)