Attribute-based encryption(ABE)is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes.ABE is widely applied in cloud storage,file sharing,e-Health,and digita...Attribute-based encryption(ABE)is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes.ABE is widely applied in cloud storage,file sharing,e-Health,and digital rightsmanagement.ABE schemes rely on hard cryptographic assumptions such as pairings and others(pairingfree)to ensure their security against external and internal attacks.Internal attacks are carried out by authorized users who misuse their access to compromise security with potentially malicious intent.One common internal attack is the attribute collusion attack,in which users with different attribute keys collaborate to decrypt data they could not individually access.This paper focuses on the ciphertext-policy ABE(CP-ABE),a type of ABE where ciphertexts are produced with access policies.Our firstwork is to carry out the attribute collusion attack against several existing pairingfree CP-ABE schemes.As a main contribution,we introduce a novel attack,termed the anonymous key-leakage attack,concerning the context in which users could anonymously publish their secret keys associated with certain attributes on public platforms without the risk of detection.This kind of internal attack has not been defined or investigated in the literature.We then show that several prominent pairing-based CP-ABE schemes are vulnerable to this attack.We believe that this work will contribute to helping the community evaluate suitable CP-ABE schemes for secure deployment in real-life applications.展开更多
In this paper, we present the first ciphertext-policy attribute-based encryption (CP-ABE) scheme for polynomial-size general circuits based on bilinear maps which is more suitable for practical use and more efficien...In this paper, we present the first ciphertext-policy attribute-based encryption (CP-ABE) scheme for polynomial-size general circuits based on bilinear maps which is more suitable for practical use and more efficient than multilinear maps. Our scheme uses a top-down secret sharing and FANOUT gate to resist the "backtracking attack" which is the main barrier expending access tree to general circuit. In the standard model, selective security of our scheme is proved. Comparing with current scheme for general circuits from bilinear maps, our work is more efficient.展开更多
Ciphertext-policy attribute-based encryption(CP-ABE)is a promising cryptographic solution to the problem for enforcing fine-grained access control over encrypted data in the cloud.However,when applying CP-ABE to data ...Ciphertext-policy attribute-based encryption(CP-ABE)is a promising cryptographic solution to the problem for enforcing fine-grained access control over encrypted data in the cloud.However,when applying CP-ABE to data outsourcing scenarios,we have to address the challenging issue of policy updates because access control elements,such as users,attributes,and access rules may change frequently.In this paper,we propose a notion of access policy updatable ciphertext-policy attribute-based encryption(APU-CP-ABE)by combining the idea of ciphertext-policy attribute-based key encapsulation and symmetric proxy re-encryption.When an access policy update occurs,data owner is no longer required to download any data for re-encryption from the cloud,all he needs to do is generate a re-encryption key and produce a new encapsulated symmetric key,and then upload them to the cloud.The cloud server executes re-encryption without decryption.Because the re-encrypted ciphertext is encrypted under a completely new key,users cannot decrypt data even if they keep the old symmetric keys or parts of the previous ciphertext.We present an APU-CP-ABE construction based on Syalim et al.’s[Syalim,Nishide and Sakurai(2017)]improved symmetric proxy re-encryption scheme and Agrawal et al.’s[Agrawal and Chase(2017)]attribute-based message encryption scheme.It requires only 6 bilinear pairing operations for decryption,regardless of the number of attributes involved.This makes our construction particularly attractive when decryption is time-critical.展开更多
With the rapid advancement of cloud computing technology,reversible data hiding algorithms in encrypted images(RDH-EI)have developed into an important field of study concentrated on safeguarding privacy in distributed...With the rapid advancement of cloud computing technology,reversible data hiding algorithms in encrypted images(RDH-EI)have developed into an important field of study concentrated on safeguarding privacy in distributed cloud environments.However,existing algorithms often suffer from low embedding capacities and are inadequate for complex data access scenarios.To address these challenges,this paper proposes a novel reversible data hiding algorithm in encrypted images based on adaptive median edge detection(AMED)and ciphertext-policy attributebased encryption(CP-ABE).This proposed algorithm enhances the conventional median edge detection(MED)by incorporating dynamic variables to improve pixel prediction accuracy.The carrier image is subsequently reconstructed using the Huffman coding technique.Encrypted image generation is then achieved by encrypting the image based on system user attributes and data access rights,with the hierarchical embedding of the group’s secret data seamlessly integrated during the encryption process using the CP-ABE scheme.Ultimately,the encrypted image is transmitted to the data hider,enabling independent embedding of the secret data and resulting in the creation of the marked encrypted image.This approach allows only the receiver to extract the authorized group’s secret data,thereby enabling fine-grained,controlled access.Test results indicate that,in contrast to current algorithms,the method introduced here considerably improves the embedding rate while preserving lossless image recovery.Specifically,the average maximum embedding rates for the(3,4)-threshold and(6,6)-threshold schemes reach 5.7853 bits per pixel(bpp)and 7.7781 bpp,respectively,across the BOSSbase,BOW-2,and USD databases.Furthermore,the algorithm facilitates permission-granting and joint-decryption capabilities.Additionally,this paper conducts a comprehensive examination of the algorithm’s robustness using metrics such as image correlation,information entropy,and number of pixel change rate(NPCR),confirming its high level of security.Overall,the algorithm can be applied in a multi-user and multi-level cloud service environment to realize the secure storage of carrier images and secret data.展开更多
Most research works nowadays deal with real-time Internetof Things (IoT) data. However, with exponential data volume increases,organizations need help storing such humongous amounts of IoT data incloud storage systems...Most research works nowadays deal with real-time Internetof Things (IoT) data. However, with exponential data volume increases,organizations need help storing such humongous amounts of IoT data incloud storage systems. Moreover, such systems create security issues whileefficiently using IoT and Cloud Computing technologies. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has the potential to make IoT datamore secure and reliable in various cloud storage services. Cloud-assisted IoTssuffer from two privacy issues: access policies (public) and super polynomialdecryption times (attributed mainly to complex access structures). We havedeveloped a CP-ABE scheme in alignment with a Hidden HierarchyCiphertext-Policy Attribute-Based Encryption (HH-CP-ABE) access structure embedded within two policies, i.e., public policy and sensitive policy.In this proposed scheme, information is only revealed when the user’sinformation is satisfactory to the public policy. Furthermore, the proposedscheme applies to resource-constrained devices already contracted tasks totrusted servers (especially encryption/decryption/searching). Implementingthe method and keywords search resulted in higher access policy privacy andincreased security. The new scheme introduces superior storage in comparisonto existing systems (CP-ABE, H-CP-ABE), while also decreasing storage costsin HH-CP-ABE. Furthermore, a reduction in time for key generation canalso be noted.Moreover, the scheme proved secure, even in handling IoT datathreats in the Decisional Bilinear Diffie-Hellman (DBDH) case.展开更多
Renewable Energy Systems(RES)provide a sustainable solution to climate warming and environmental pollution by enhancing stability and reliability through status acquisition and analysis on cloud platforms and intellig...Renewable Energy Systems(RES)provide a sustainable solution to climate warming and environmental pollution by enhancing stability and reliability through status acquisition and analysis on cloud platforms and intelligent processing on edge servers(ES).However,securely distributing encrypted data stored in the cloud to terminals that meet decryption requirements has become a prominent research topic.Additionally,managing attributes,including addition,deletion,and modification,is a crucial issue in the access control scheme for RES.To address these security concerns,a trust-based ciphertext-policy attribute-based encryption(CP-ABE)device access control scheme is proposed for RES(TB-CP-ABE).This scheme effectivelymanages the distribution and control of encrypted data on the cloud through robust attribute key management.By introducing trust management mechanisms and outsourced decryption technology,the ES system can effectively assess and manage the trust worthiness of terminal devices,ensuring that only trusted devices can participate in data exchange and access sensitive information.Besides,the ES system dynamically evaluates trust scores to set decryption trust thresholds,thereby regulating device data access permissions and enhancing the system’s security.To validate the security of the proposed TB-CP-ABE against chosen plaintext attacks,a comprehensive formal security analysis is conducted using the widely accepted random oraclemodel under the decisional q-Bilinear Diffie-Hellman Exponent(q-BDHE)assumption.Finally,comparative analysis with other schemes demonstrates that the TB-CP-ABE scheme cuts energy/communication costs by 43%,and scaleswell with rising terminals,maintaining average latency below 50ms,ensuring real-time service feasibility.The proposed scheme not only provides newinsights for the secure management of RES but also lays a foundation for future secure energy solutions.展开更多
For leakage-resilient ciphertext-policy attribute-based encryption (CP-ABE) at present, the size of the ciphertexts in most of them relies on the number of attributes. How to overcome this shortcoming is a challenge...For leakage-resilient ciphertext-policy attribute-based encryption (CP-ABE) at present, the size of the ciphertexts in most of them relies on the number of attributes. How to overcome this shortcoming is a challenge problem. Based on the Goldreich-Levin theorem and dual system encryption, an efficient CP-ABE scheme with constant size ciphertexts is proposed in this paper. It can tolerate leakage on master secret key and attribute-based secret keys with auxiliary inputs. Furthermore, the proposed scheme can be realized as resilience against continual leakage if keys are periodically updated. Under some static assumptions instead of other strong assumptions, the introduced scheme achieves adaptively security in the standard model.展开更多
This research paper puts emphasis on using cloud computing with Blockchain(BC)to improve the security and privacy in a cloud.The security of data is not guaranteed as there is always a risk of leakage of users’data.B...This research paper puts emphasis on using cloud computing with Blockchain(BC)to improve the security and privacy in a cloud.The security of data is not guaranteed as there is always a risk of leakage of users’data.Blockchain can be used in a multi-tenant cloud environment(MTCE)to improve the security of data,as it is a decentralized approach.Data is saved in unaltered form.Also,Blockchain is not owned by a single organization.The encryption process can be done using a Homomorphic encryption(HE)algorithm along with hashing technique,hereby allowing computations on encrypted data without the need for decryption.This research paper is composed of four objectives:Analysis of cloud security using Blockchain technology;Exceptional scenario of Blockchain architecture in an enterprise-level MTCE;Implementation of cipher-text policy attribute-based encryption(CPABE)algorithm;Implementation of Merkle tree using Ethereum(MTuE)in a Multi-tenant system.Out of these four objectives,the main focus is on the implementation of CP-ABE algorithm.CP-ABE parameters are proposed for different levels of tenants.The levels include inner tenant,outer tenant,Inner-Outer-Tenant,Inner-Outer-External-Tenant,Outer-Inner-Tenant,External-Outer-Inner-Tenant and the parameters such as token,private key,public key,access tree,message,attribute set,node-level,cipher-text,salting which will help in providing better security using CP-ABE algorithm in a multitenant environment(MTE)where tenants can be provided with different levels of security and achieved 92 percentage of authenticity and access-control of the data.展开更多
Nowadays,vast and rapidly growing information acts as digital records of social activities and is widely collected and stored as economic assets.To reduce the difficulty and local data management’s cost significantly...Nowadays,vast and rapidly growing information acts as digital records of social activities and is widely collected and stored as economic assets.To reduce the difficulty and local data management’s cost significantly,cloud storage services provide a highly available,highperformance,and low-cost solution for user data hosting,enabling remote access,backup,and sharing of data stored by the cloud.However,this service model is not without security risks,including user privacy exposure,low trustworthiness of data,and unauthorized access.To address these concerns,attribute-based encryption(ABE)schemes allow for the implementation of fine-grained access policies while ensure the confidentiality and availability of data stored under the cloud environment.The issues of collusion among authorities,excessive decryption computation overhead,and high complexity in attribute revocation have aroused many researchers’attention,and many works have emerged.However,expanding the functionality of ABE schemes to satisfy multiple requirements and improving existing functionality of ABE schemes are still urgent problems to be solved.Motivated by these problems,here we propose a novel multi-functional multi-authority ABE scheme that incorporates functional features such as multi-authority key generation,outsourced decryption,malicious user tracking,flexible attribute revocation,and real-time policy updates,thereby providing fine-grained access control as well as confidentiality for data stored under cloud environments.Similar to prior works,we have analyzed the static security,forward security,and resistance to collusion attacks of our proposed scheme for completeness.Storage and computational efficiency evaluation shows that our proposed scheme achieves lower storage costs and computational overhead compared to existing schemes with similar functionalities.展开更多
文摘Attribute-based encryption(ABE)is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes.ABE is widely applied in cloud storage,file sharing,e-Health,and digital rightsmanagement.ABE schemes rely on hard cryptographic assumptions such as pairings and others(pairingfree)to ensure their security against external and internal attacks.Internal attacks are carried out by authorized users who misuse their access to compromise security with potentially malicious intent.One common internal attack is the attribute collusion attack,in which users with different attribute keys collaborate to decrypt data they could not individually access.This paper focuses on the ciphertext-policy ABE(CP-ABE),a type of ABE where ciphertexts are produced with access policies.Our firstwork is to carry out the attribute collusion attack against several existing pairingfree CP-ABE schemes.As a main contribution,we introduce a novel attack,termed the anonymous key-leakage attack,concerning the context in which users could anonymously publish their secret keys associated with certain attributes on public platforms without the risk of detection.This kind of internal attack has not been defined or investigated in the literature.We then show that several prominent pairing-based CP-ABE schemes are vulnerable to this attack.We believe that this work will contribute to helping the community evaluate suitable CP-ABE schemes for secure deployment in real-life applications.
基金Supported by the National Natural Science Foundation of China(61272488)Science and Technology on Information Assurance Laboratory(KJ-15-006)Fundamental and Frontier Technology Research of Henan Province(162300410192)
文摘In this paper, we present the first ciphertext-policy attribute-based encryption (CP-ABE) scheme for polynomial-size general circuits based on bilinear maps which is more suitable for practical use and more efficient than multilinear maps. Our scheme uses a top-down secret sharing and FANOUT gate to resist the "backtracking attack" which is the main barrier expending access tree to general circuit. In the standard model, selective security of our scheme is proved. Comparing with current scheme for general circuits from bilinear maps, our work is more efficient.
基金This research is funded by Science and Technology Program of Guangzhou(Grant No.201707010358).
文摘Ciphertext-policy attribute-based encryption(CP-ABE)is a promising cryptographic solution to the problem for enforcing fine-grained access control over encrypted data in the cloud.However,when applying CP-ABE to data outsourcing scenarios,we have to address the challenging issue of policy updates because access control elements,such as users,attributes,and access rules may change frequently.In this paper,we propose a notion of access policy updatable ciphertext-policy attribute-based encryption(APU-CP-ABE)by combining the idea of ciphertext-policy attribute-based key encapsulation and symmetric proxy re-encryption.When an access policy update occurs,data owner is no longer required to download any data for re-encryption from the cloud,all he needs to do is generate a re-encryption key and produce a new encapsulated symmetric key,and then upload them to the cloud.The cloud server executes re-encryption without decryption.Because the re-encrypted ciphertext is encrypted under a completely new key,users cannot decrypt data even if they keep the old symmetric keys or parts of the previous ciphertext.We present an APU-CP-ABE construction based on Syalim et al.’s[Syalim,Nishide and Sakurai(2017)]improved symmetric proxy re-encryption scheme and Agrawal et al.’s[Agrawal and Chase(2017)]attribute-based message encryption scheme.It requires only 6 bilinear pairing operations for decryption,regardless of the number of attributes involved.This makes our construction particularly attractive when decryption is time-critical.
基金the National Natural Science Foundation of China(Grant Numbers 622724786210245062102451).
文摘With the rapid advancement of cloud computing technology,reversible data hiding algorithms in encrypted images(RDH-EI)have developed into an important field of study concentrated on safeguarding privacy in distributed cloud environments.However,existing algorithms often suffer from low embedding capacities and are inadequate for complex data access scenarios.To address these challenges,this paper proposes a novel reversible data hiding algorithm in encrypted images based on adaptive median edge detection(AMED)and ciphertext-policy attributebased encryption(CP-ABE).This proposed algorithm enhances the conventional median edge detection(MED)by incorporating dynamic variables to improve pixel prediction accuracy.The carrier image is subsequently reconstructed using the Huffman coding technique.Encrypted image generation is then achieved by encrypting the image based on system user attributes and data access rights,with the hierarchical embedding of the group’s secret data seamlessly integrated during the encryption process using the CP-ABE scheme.Ultimately,the encrypted image is transmitted to the data hider,enabling independent embedding of the secret data and resulting in the creation of the marked encrypted image.This approach allows only the receiver to extract the authorized group’s secret data,thereby enabling fine-grained,controlled access.Test results indicate that,in contrast to current algorithms,the method introduced here considerably improves the embedding rate while preserving lossless image recovery.Specifically,the average maximum embedding rates for the(3,4)-threshold and(6,6)-threshold schemes reach 5.7853 bits per pixel(bpp)and 7.7781 bpp,respectively,across the BOSSbase,BOW-2,and USD databases.Furthermore,the algorithm facilitates permission-granting and joint-decryption capabilities.Additionally,this paper conducts a comprehensive examination of the algorithm’s robustness using metrics such as image correlation,information entropy,and number of pixel change rate(NPCR),confirming its high level of security.Overall,the algorithm can be applied in a multi-user and multi-level cloud service environment to realize the secure storage of carrier images and secret data.
文摘Most research works nowadays deal with real-time Internetof Things (IoT) data. However, with exponential data volume increases,organizations need help storing such humongous amounts of IoT data incloud storage systems. Moreover, such systems create security issues whileefficiently using IoT and Cloud Computing technologies. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has the potential to make IoT datamore secure and reliable in various cloud storage services. Cloud-assisted IoTssuffer from two privacy issues: access policies (public) and super polynomialdecryption times (attributed mainly to complex access structures). We havedeveloped a CP-ABE scheme in alignment with a Hidden HierarchyCiphertext-Policy Attribute-Based Encryption (HH-CP-ABE) access structure embedded within two policies, i.e., public policy and sensitive policy.In this proposed scheme, information is only revealed when the user’sinformation is satisfactory to the public policy. Furthermore, the proposedscheme applies to resource-constrained devices already contracted tasks totrusted servers (especially encryption/decryption/searching). Implementingthe method and keywords search resulted in higher access policy privacy andincreased security. The new scheme introduces superior storage in comparisonto existing systems (CP-ABE, H-CP-ABE), while also decreasing storage costsin HH-CP-ABE. Furthermore, a reduction in time for key generation canalso be noted.Moreover, the scheme proved secure, even in handling IoT datathreats in the Decisional Bilinear Diffie-Hellman (DBDH) case.
基金supported by the Science and Technology Project of the State Grid Corporation of China,Grant number 5700-202223189A-1-1-ZN.
文摘Renewable Energy Systems(RES)provide a sustainable solution to climate warming and environmental pollution by enhancing stability and reliability through status acquisition and analysis on cloud platforms and intelligent processing on edge servers(ES).However,securely distributing encrypted data stored in the cloud to terminals that meet decryption requirements has become a prominent research topic.Additionally,managing attributes,including addition,deletion,and modification,is a crucial issue in the access control scheme for RES.To address these security concerns,a trust-based ciphertext-policy attribute-based encryption(CP-ABE)device access control scheme is proposed for RES(TB-CP-ABE).This scheme effectivelymanages the distribution and control of encrypted data on the cloud through robust attribute key management.By introducing trust management mechanisms and outsourced decryption technology,the ES system can effectively assess and manage the trust worthiness of terminal devices,ensuring that only trusted devices can participate in data exchange and access sensitive information.Besides,the ES system dynamically evaluates trust scores to set decryption trust thresholds,thereby regulating device data access permissions and enhancing the system’s security.To validate the security of the proposed TB-CP-ABE against chosen plaintext attacks,a comprehensive formal security analysis is conducted using the widely accepted random oraclemodel under the decisional q-Bilinear Diffie-Hellman Exponent(q-BDHE)assumption.Finally,comparative analysis with other schemes demonstrates that the TB-CP-ABE scheme cuts energy/communication costs by 43%,and scaleswell with rising terminals,maintaining average latency below 50ms,ensuring real-time service feasibility.The proposed scheme not only provides newinsights for the secure management of RES but also lays a foundation for future secure energy solutions.
基金supported in part by the Nature Science Foundation of China (61472307, 61402112, 61100165, 61100231)Natural Science Basic Research Plan in Shaanxi Province of China (2016JM6004)
文摘For leakage-resilient ciphertext-policy attribute-based encryption (CP-ABE) at present, the size of the ciphertexts in most of them relies on the number of attributes. How to overcome this shortcoming is a challenge problem. Based on the Goldreich-Levin theorem and dual system encryption, an efficient CP-ABE scheme with constant size ciphertexts is proposed in this paper. It can tolerate leakage on master secret key and attribute-based secret keys with auxiliary inputs. Furthermore, the proposed scheme can be realized as resilience against continual leakage if keys are periodically updated. Under some static assumptions instead of other strong assumptions, the introduced scheme achieves adaptively security in the standard model.
文摘This research paper puts emphasis on using cloud computing with Blockchain(BC)to improve the security and privacy in a cloud.The security of data is not guaranteed as there is always a risk of leakage of users’data.Blockchain can be used in a multi-tenant cloud environment(MTCE)to improve the security of data,as it is a decentralized approach.Data is saved in unaltered form.Also,Blockchain is not owned by a single organization.The encryption process can be done using a Homomorphic encryption(HE)algorithm along with hashing technique,hereby allowing computations on encrypted data without the need for decryption.This research paper is composed of four objectives:Analysis of cloud security using Blockchain technology;Exceptional scenario of Blockchain architecture in an enterprise-level MTCE;Implementation of cipher-text policy attribute-based encryption(CPABE)algorithm;Implementation of Merkle tree using Ethereum(MTuE)in a Multi-tenant system.Out of these four objectives,the main focus is on the implementation of CP-ABE algorithm.CP-ABE parameters are proposed for different levels of tenants.The levels include inner tenant,outer tenant,Inner-Outer-Tenant,Inner-Outer-External-Tenant,Outer-Inner-Tenant,External-Outer-Inner-Tenant and the parameters such as token,private key,public key,access tree,message,attribute set,node-level,cipher-text,salting which will help in providing better security using CP-ABE algorithm in a multitenant environment(MTE)where tenants can be provided with different levels of security and achieved 92 percentage of authenticity and access-control of the data.
基金supported by the National Key R&D Program of China(No.2022ZD0161901)the National Natural Science Foundation of China(Grant No.62072023)+2 种基金Beijing Natural Science Foundation(Grant No.4242024)the Open Project Fund of the State Key Laboratory of Cryptology(No.MMKFKT202120)the Exploratory Optional Project Fund of the State Key Laboratory of Complex&Critical Software Environment,and the Fundamental Research Funds of Beihang University(Nos.YWF-21-BJ-J-1041,YWF-23-L-1033,etc.).
文摘Nowadays,vast and rapidly growing information acts as digital records of social activities and is widely collected and stored as economic assets.To reduce the difficulty and local data management’s cost significantly,cloud storage services provide a highly available,highperformance,and low-cost solution for user data hosting,enabling remote access,backup,and sharing of data stored by the cloud.However,this service model is not without security risks,including user privacy exposure,low trustworthiness of data,and unauthorized access.To address these concerns,attribute-based encryption(ABE)schemes allow for the implementation of fine-grained access policies while ensure the confidentiality and availability of data stored under the cloud environment.The issues of collusion among authorities,excessive decryption computation overhead,and high complexity in attribute revocation have aroused many researchers’attention,and many works have emerged.However,expanding the functionality of ABE schemes to satisfy multiple requirements and improving existing functionality of ABE schemes are still urgent problems to be solved.Motivated by these problems,here we propose a novel multi-functional multi-authority ABE scheme that incorporates functional features such as multi-authority key generation,outsourced decryption,malicious user tracking,flexible attribute revocation,and real-time policy updates,thereby providing fine-grained access control as well as confidentiality for data stored under cloud environments.Similar to prior works,we have analyzed the static security,forward security,and resistance to collusion attacks of our proposed scheme for completeness.Storage and computational efficiency evaluation shows that our proposed scheme achieves lower storage costs and computational overhead compared to existing schemes with similar functionalities.
