Attribute-based fuzzy identity access control in multicloud computing environments
- 212 Downloads
Firstly, we propose a multiauthority ciphertext policy attribute-based encryption scheme. It achieves fine-grained access control based upon fuzzy identity over encrypted data without any trusted center or extra interaction among multiple authorities. Moreover, it satisfies the collusion resistance requirement as long as at least one of the attribute authorities is honest. The security proof demonstrates that the proposed scheme is secure against chosen plaintext attacks in random oracle model under decisional multilinear Diffie–Hellman assumption. Secondly, we construct an attribute-based access control system for proxy-based multicloud environment to achieve distributed access control without any trusted center, manager, or additional secret keys. In our construction, the original secret keys are split into a control key, a decryption key and a set of transformation keys. It only takes the mobile device a lightweight decryption with a single decryption key. The overwhelming majority of decryption operations are outsourced to cloud via transformation keys. In addition, the attribute revocation can be realized by updating transformation keys using the control key, while ciphertexts and user’s decryption key still remain unchanged. Furthermore, proxies are helpful to promote the collaboration among multiple clouds in file access control system. Finally, the performance analysis shows that our construction is flexible and practical for mobile users in proxy-based multicloud environment.
KeywordsAttribute-based encryption Fuzzy identity Data access control Multicloud computing Collaboration
This work is supported by NSFC (Grant Nos. 61602045, 61502044, 61572379, 61501333), the Natural Science Foundation of Hubei Province of China (No. 2015CFB257).
Compliance with ethical standards
Conflict of interest
The authors declare that they have no conflict of interest.
Human and animal rights
This article does not contain any studies with human participants or animals performed by any of the authors.
- Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: IEEE symposium on security and privacy, pp 321–334Google Scholar
- Chase M (2007) Multi-authority attribute based encryption. In: proceedings of theory of cryptography, theory of cryptography conference, TCC 2007, Amsterdam, The Netherlands, 21–24 Feb 2007, pp 515–534Google Scholar
- Chase M, Chow SSM (2009) Improving privacy and security in multi-authority attribute-based encryption. In: ACM conference on computer and communications security, CCS 2009. Chicago, Illinois, USA, Nov, pp 121–130Google Scholar
- Fu Z, Huang F, Sun X, Vasilakos A, Yang CN (2016a) Enabling semantic search based on conceptual graphs over encrypted outsourced data. IEEE Trans Serv ComputGoogle Scholar
- Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. Proc Acmccs 89–98:89–98Google Scholar
- Green M, Hohenberger S, Waters B (2011) Outsourcing the decryption of abe ciphertexts. In: usenix conference on security, pp 34–34Google Scholar
- Rouselakis Y, Waters B (2013) Practical constructions and new proof methods for large universe attribute-based encryption. In: proceedings of the 2013 ACM SIGSAC conference on computer communications security, ACM, CCS ’13, New York, NY, USA, pp 463–474Google Scholar
- Yu S, Wang C, Ren K, Lou W (2010) Achieving secure, scalable, and fine-grained data access control in cloud computing. In: conference on information communications, pp 1–9Google Scholar