Extending the Ciphertext-Policy Attribute Based Encryption Scheme for Supporting Flexible Access Control
Bo Lang, Runhua Xu, Yawei Duan
2013
Abstract
Ciphertext-Policy Attribute Based Encryption (CP-ABE) is recognized as an important data protection mechanism in cloud computing environment for its flexible, scalable and fine-grained access control features. For enhancing its security, efficiency and policy flexibility, researchers have proposed different schemes of CP-ABE which have different kinds of access policy structures. However, as far as we know, most of these structures only support AND, OR and threshold attribute operations. In order to achieve more effective data self-protection mechanisms in open environments such as Cloud computing, CP-ABE needs to support more flexible attribute based policies, most of which are described using operators of NOT, <, \leq, >, \geq. This paper proposed an Extended CP-ABE(ECP-ABE) scheme based on the existing CP-ABE scheme. The ECP-ABE scheme can express any access policy represented by arithmetic comparison and logical expressions that involve NOT, <, \leq, >, \geq operators in addition to AND, OR and threshold operators. We prove the Chosen-plaintext Attack (CPA) security of our scheme under the Decisional Bilinear Diffie-Hellman (DBDH) assumption in the standard model, and also discuss the experimental results of the efficiency of ECP-ABE.
References
- Attrapadung, N., Herranz, J., Laguillaumie, F., Libert, B., De Panafieu, E. & RÃ fols, C. 2012. Attribute-based encryption schemes with constant-size ciphertexts. Theoretical Computer Science, 422, 15-38.
- Attrapadung, N. & Imai, H. 2009. Conjunctive Broadcast and Attribute-Based Encryption. In: SHACHAM, H. & WATERS, B. (eds.) Pairing-Based Cryptography - Pairing 2009. Springer Berlin Heidelberg.
- Attrapadung, N., Libert, B. & Panafieu, E. 2011. Expressive Key-Policy Attribute-Based Encryption with Constant-Size Ciphertexts. In: CATALANO, D., FAZIO, N., GENNARO, R. & NICOLOSI, A. (eds.) Public Key Cryptography - PKC 2011. Springer Berlin Heidelberg.
- Beimel, A. 1996. Secure schemes for secret sharing and key distribution. PhD thesis, Israel Institute of Technology, Technion, Haifa, Israel.
- Bethencourt, J., Sahai, A. & Waters, B. Ciphertext-Policy Attribute-Based Encryption. Security and Privacy, 2007. SP 7807. IEEE Symposium on, 20-23 May 2007 2007. 321-334.
- Boneh, D. & Boyen, X. Efficient selective-ID secure identity-based encryption without random oracles. Advances in Cryptology-EUROCRYPT 2004, 2004. Springer, 223-238.
- Chen, C., Zhang, Z. & Feng, D. 2011. Efficient Ciphertext Policy Attribute-Based Encryption with Constant-Size Ciphertext and Constant Computation-Cost. In: BOYEN, X. & CHEN, X. (eds.) Provable Security. Springer Berlin Heidelberg.
- Cheung, L. & Newport, C. 2007. Provably secure ciphertext policy ABE. Proceedings of the 14th ACM conference on Computer and communications security. Alexandria, Virginia, USA: ACM.
- Emura, K., Miyaji, A., Nomura, A., Omote, K. & Soshi, M. 2009. A Ciphertext-Policy Attribute-Based Encryption Scheme with Constant Ciphertext Length. In: BAO, F., LI, H. & WANG, G. (eds.) Information Security Practice and Experience. Springer Berlin Heidelberg.
- Goyal, V., Jain, A., Pandey, O. & Sahai, A. 2008. Bounded Ciphertext Policy Attribute Based Encryption. In: ACETO, L., DAMG RD, I., GOLDBERG, L., HALLD RSSON, M., ING LFSD TTIR, A. & WALUKIEWICZ, I. (eds.) Automata, Languages and Programming. Springer Berlin Heidelberg.
- Goyal, V., Pandey, O., Sahai, A. & Waters, B. 2006. Attribute-based encryption for fine-grained access control of encrypted data. Proceedings of the 13th ACM conference on Computer and communications security. Alexandria, Virginia, USA: ACM.
- Ibraimi, L., Tang, Q., Hartel, P. & Jonker, W. 2009. Efficient and Provable Secure Ciphertext-Policy Attribute-Based Encryption Schemes. In: BAO, F., LI, H. & WANG, G. (eds.) Information Security Practice and Experience. Springer Berlin Heidelberg.
- Junbeom, H. & Dong Kun, N. 2011. Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems. Parallel and Distributed Systems, IEEE Transactions on, 22, 1214-1221.
- Junod, P. & Karlov, A. 2010. An efficient public-key attribute-based broadcast encryption scheme allowing arbitrary access policies. Proceedings of the tenth annual ACM workshop on Digital rights management. Chicago, Illinois, USA: ACM.
- Lang, B., Foster, I., Siebenlist, F., Ananthakrishnan, R. & Freeman, T. 2009. A Flexible Attribute Based Access Control Method for Grid Computing. Journal of Grid Computing, 7, 169-180.
- Lewko, A., Okamoto, T., Sahai, A., Takashima, K. & Waters, B. 2010. Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption. In: GILBERT, H. (ed.) Advances in Cryptology - EUROCRYPT 2010. Springer Berlin Heidelberg.
- Li, J., Wang, Q., Wang, C. & Ren, K. 2011. Enhancing Attribute-Based Encryption with Attribute Hierarchy. Mobile Networks and Applications, 16, 553-561.
- Liang, X., Cao, Z., Lin, H. & Shao, J. 2009a. Attribute based proxy re-encryption with delegating capabilities. Proceedings of the 4th International Symposium on Information, Computer, and Communications Security. Sydney, Australia: ACM.
- Liang, X., Cao, Z., Lin, H. & Xing, D. 2009b. Provably secure and efficient bounded ciphertext policy attribute based encryption. Proceedings of the 4th International Symposium on Information, Computer, and Communications Security. Sydney, Australia: ACM.
- Nishide, T., Yoneyama, K. & Ohta, K. 2008. AttributeBased Encryption with Partially Hidden EncryptorSpecified Access Structures. In: Bellovin, S., Gennaro, R., Keromytis, A. & Yung, M. (eds.) Applied Cryptography and Network Security. Springer Berlin Heidelberg.
- Sahai, A. & Waters, B. 2005. Fuzzy Identity-Based Encryption. In: CRAMER, R. (ed.) Advances in Cryptology - EUROCRYPT 2005. Springer Berlin Heidelberg.
- Samarati, P. & Di Vimercati, S. D. C. Data protection in outsourcing scenarios: Issues and directions. Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, 2010. ACM, 1-14.
- Shamir, A. 1979. How to share a secret. Commun. ACM, 22, 612-613.
- Shamir, A. 1985. Identity-based cryptosystems and signature schemes. Proceedings of CRYPTO 84 on Advances in cryptology. Santa Barbara, California, United States: Springer-Verlag New York, Inc.
- Su, J., Cao, D., Wang, X., Sun, Y. & Hu, L. 2011. Attribute-based Encryption Schemes. Journal of Software, 22, 1299-1315.
- Vimercati, S. D. C. D., Foresti, S., Jajodia, S., Paraboschi, S. & Samarati, P. 2010. Encryption policies for regulating access to outsourced data. ACM Transactions on Database Systems (TODS), 35, 12.
- Wang, G., Liu, Q. & Wu, J. 2010. Hierarchical attributebased encryption for fine-grained access control in cloud storage services. Proceedings of the 17th ACM conference on Computer and communications security. Chicago, Illinois, USA: ACM.
- Waters, B. 2011. Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization. In: Catalano, D., Fazio, N., Gennaro, R. & Nicolosi, A. (eds.) Public Key Cryptography - PKC 2011. Springer Berlin Heidelberg.
- Zhiguo, W., Jun'e, L. & Deng, R. H. 2012. HASBE: A Hierarchical Attribute-Based Solution for Flexible and Scalable Access Control in Cloud Computing. Information Forensics and Security, IEEE Transactions on, 7, 743-754.
Paper Citation
in Harvard Style
Lang B., Xu R. and Duan Y. (2013). Extending the Ciphertext-Policy Attribute Based Encryption Scheme for Supporting Flexible Access Control . In Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013) ISBN 978-989-8565-73-0, pages 147-157. DOI: 10.5220/0004525801470157
in Bibtex Style
@conference{secrypt13,
author={Bo Lang and Runhua Xu and Yawei Duan},
title={Extending the Ciphertext-Policy Attribute Based Encryption Scheme for Supporting Flexible Access Control},
booktitle={Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)},
year={2013},
pages={147-157},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004525801470157},
isbn={978-989-8565-73-0},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)
TI - Extending the Ciphertext-Policy Attribute Based Encryption Scheme for Supporting Flexible Access Control
SN - 978-989-8565-73-0
AU - Lang B.
AU - Xu R.
AU - Duan Y.
PY - 2013
SP - 147
EP - 157
DO - 10.5220/0004525801470157