Soft Computing

, Volume 22, Issue 12, pp 4071–4082 | Cite as

Attribute-based fuzzy identity access control in multicloud computing environments

  • Wenmin Li
  • Qiaoyan Wen
  • Xuelei Li
  • Debiao HeEmail author
Methodologies and Application


Firstly, we propose a multiauthority ciphertext policy attribute-based encryption scheme. It achieves fine-grained access control based upon fuzzy identity over encrypted data without any trusted center or extra interaction among multiple authorities. Moreover, it satisfies the collusion resistance requirement as long as at least one of the attribute authorities is honest. The security proof demonstrates that the proposed scheme is secure against chosen plaintext attacks in random oracle model under decisional multilinear Diffie–Hellman assumption. Secondly, we construct an attribute-based access control system for proxy-based multicloud environment to achieve distributed access control without any trusted center, manager, or additional secret keys. In our construction, the original secret keys are split into a control key, a decryption key and a set of transformation keys. It only takes the mobile device a lightweight decryption with a single decryption key. The overwhelming majority of decryption operations are outsourced to cloud via transformation keys. In addition, the attribute revocation can be realized by updating transformation keys using the control key, while ciphertexts and user’s decryption key still remain unchanged. Furthermore, proxies are helpful to promote the collaboration among multiple clouds in file access control system. Finally, the performance analysis shows that our construction is flexible and practical for mobile users in proxy-based multicloud environment.


Attribute-based encryption Fuzzy identity Data access control Multicloud computing Collaboration 



This work is supported by NSFC (Grant Nos. 61602045, 61502044, 61572379, 61501333), the Natural Science Foundation of Hubei Province of China (No. 2015CFB257).

Compliance with ethical standards

Conflict of interest

The authors declare that they have no conflict of interest.

Human and animal rights

This article does not contain any studies with human participants or animals performed by any of the authors.


  1. Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: IEEE symposium on security and privacy, pp 321–334Google Scholar
  2. Boneh D, Silverberg A (2002) Applications of multilinear forms to cryptography. Contemp Math 324:71–90MathSciNetCrossRefzbMATHGoogle Scholar
  3. Chase M (2007) Multi-authority attribute based encryption. In: proceedings of theory of cryptography, theory of cryptography conference, TCC 2007, Amsterdam, The Netherlands, 21–24 Feb 2007, pp 515–534Google Scholar
  4. Chase M, Chow SSM (2009) Improving privacy and security in multi-authority attribute-based encryption. In: ACM conference on computer and communications security, CCS 2009. Chicago, Illinois, USA, Nov, pp 121–130Google Scholar
  5. Coron JS, Lepoint T, Tibouchi M (2013) Practical multilinear maps over the integers. Springer, Berlin HeidelbergCrossRefzbMATHGoogle Scholar
  6. Fu Z, Sun X, Liu Q, Zhou L, Shu J (2015) Achieving efficient cloud search services: multi-keyword ranked search over encrypted cloud data supporting parallel computing. IEICE Trans Commun 98(1):190–200CrossRefGoogle Scholar
  7. Fu Z, Huang F, Sun X, Vasilakos A, Yang CN (2016a) Enabling semantic search based on conceptual graphs over encrypted outsourced data. IEEE Trans Serv ComputGoogle Scholar
  8. Fu Z, Wu X, Guan C, Sun X, Ren K (2016b) Toward efficient multi-keyword fuzzy search over encrypted outsourced data with accuracy improvement. IEEE Trans Inf Forensics Secur 11(12):2706–2716CrossRefGoogle Scholar
  9. Garg S, Gentry C, Halevi S (2013) Candidate multilinear maps from ideal lattices. Springer, Berlin HeidelbergCrossRefzbMATHGoogle Scholar
  10. Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. Proc Acmccs 89–98:89–98Google Scholar
  11. Green M, Hohenberger S, Waters B (2011) Outsourcing the decryption of abe ciphertexts. In: usenix conference on security, pp 34–34Google Scholar
  12. Hur J, Dong KN (2011) Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans Parallel Distrib Syst 22(7):1214–1221CrossRefGoogle Scholar
  13. Lai J, Deng RH, Guan C, Weng J (2013) Attribute-based encryption with verifiable outsourced decryption. IEEE Trans Inf Forensics Secur 8(8):1343–1354CrossRefGoogle Scholar
  14. Li W, Xue K, Xue Y, Hong J (2016) Tmacs: a robust and verifiable threshold multi-authority access control system in public cloud storage. IEEE Trans Parallel Distrib Syst 27(5):1484–1496CrossRefGoogle Scholar
  15. Liu Q, Cai W, Shen J, Fu Z, Liu X, Linge N (2016) A speculative approach to spatial-temporal efficiency with multi-objective optimization in a heterogeneous cloud environment. Secur Commun Netw 9(17):4002–4012CrossRefGoogle Scholar
  16. Rouselakis Y, Waters B (2013) Practical constructions and new proof methods for large universe attribute-based encryption. In: proceedings of the 2013 ACM SIGSAC conference on computer communications security, ACM, CCS ’13, New York, NY, USA, pp 463–474Google Scholar
  17. Sahai A, Waters B (2005) Fuzzy identity-based encryption. Lect Notes Comput Sci 3494:457–473MathSciNetCrossRefzbMATHGoogle Scholar
  18. Singhal M, Chandrasekhar S, Ge T, Sandhu R, Krishnan R, Ahn GJ, Bertino E (2013) Collaboration in multicloud computing environments: framework and security issues. Computer 46(2):76–84CrossRefGoogle Scholar
  19. Waters B (2011) Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. Lect Notes Comput Sci 2008:321–334zbMATHGoogle Scholar
  20. Xia Z, Wang X, Sun X, Wang Q (2016a) A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Trans Parallel Distrib Syst 27(2):340–352CrossRefGoogle Scholar
  21. Xia Z, Wang X, Zhang L, Qin Z, Sun X, Ren K (2016b) A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Trans Inf Forensics Secur 11(11):2594–2608CrossRefGoogle Scholar
  22. Xu J, Wen Q, Li W, Jin Z (2016) Circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation in cloud computing. IEEE Trans Parallel Distrib Syst 27(1):119–129CrossRefGoogle Scholar
  23. Yang K, Jia X (2014) Expressive, efficient and revocable data access control for multi-authority cloud storage. IEEE Trans Parallel Distrib Syst 25(7):1735–1744CrossRefGoogle Scholar
  24. Yang K, Jia X, Ren K, Zhang B, Xie R (2013) Dac-macs: effective data access control for multi-authority cloud storage systems. IEEE Trans Inf Forensics Secur 8(11):1790–1801CrossRefGoogle Scholar
  25. Yang K, Jia X, Ren K (2015) Secure and verifiable policy update outsourcing for big data access control in the cloud. IEEE Trans Parallel Distrib Syst 26(12):1–1CrossRefGoogle Scholar
  26. Yu S, Wang C, Ren K, Lou W (2010) Achieving secure, scalable, and fine-grained data access control in cloud computing. In: conference on information communications, pp 1–9Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2017

Authors and Affiliations

  1. 1.State Key Laboratory of Networking and Switching TechnologyBeijing University of Posts and TelecommunicationsBeijingChina
  2. 2.State Key Lab of Software Engineering, Computer SchoolWuhan UniversityWuhanChina

Personalised recommendations