Authors:
Bo Lang
;
Runhua Xu
and
Yawei Duan
Affiliation:
Beihang University, China
Keyword(s):
Ciphertext-Policy Attribute Based Encryption (CP-ABE), Extended CP-ABE, Attribute based Access Control, Cloud Computing.
Related
Ontology
Subjects/Areas/Topics:
Access Control
;
Data and Application Security and Privacy
;
Data Engineering
;
Data Protection
;
Databases and Data Security
;
Information and Systems Security
;
Internet Technology
;
Security and Privacy in the Cloud
;
Web Information Systems and Technologies
Abstract:
Ciphertext-Policy Attribute Based Encryption (CP-ABE) is recognized as an important data protection mechanism in cloud computing environment for its flexible, scalable and fine-grained access control features. For enhancing its security, efficiency and policy flexibility, researchers have proposed different schemes of CP-ABE which have different kinds of access policy structures. However, as far as we know, most of these structures only support AND, OR and threshold attribute operations. In order to achieve more effective data self-protection mechanisms in open environments such as Cloud computing, CP-ABE needs to support more flexible attribute based policies, most of which are described using operators of NOT, <, \leq, >, \geq. This paper proposed an Extended CP-ABE(ECP-ABE) scheme based on the existing CP-ABE scheme. The ECP-ABE scheme can express any access policy represented by arithmetic comparison and logical expressions that involve NOT, <, \leq, >, \geq operators in additio
n to AND, OR and threshold operators. We prove the Chosen-plaintext Attack (CPA) security of our scheme under the Decisional Bilinear Diffie-Hellman (DBDH) assumption in the standard model, and also discuss the experimental results of the efficiency of ECP-ABE.
(More)