Abstract:Focusing on the large decryption overhead of the data user and the lack of effective attribute revocation of the Multi-Authority Attribute-Based Encryption (MA-ABE) access control scheme in cloud storage, an attribute revocation and verifiable outsourcing supported multi-authority attribute-based encryption scheme was proposed. Firstly, the data user's decryption overhead was markedly reduced and the integrity of the data was verified by using verifiable outsourcing technology. Then, the bilinear mapping was used to protect the access policy, preventing the identity of the data owner from leaking. Finally, the version key of each attribute was used to realize the immediate attribute revocation. The security analysis shows that the proposed scheme is safe under the decisional q-bilinear Diffie-Hellman exponent assumption in the standard model, achieves forward security and is able to resist collusion attack. The performance analysis shows that the proposed scheme has great advantages in terms of functionality and computational cost. Therefore, this scheme is more suitable for multi-authority attribute-based encryption environment in cloud storage.
[1] MELL P, GRANCE T. The NIST definition of cloud computing:SP 800-145[R]. Gaithersburg, MD:National Institute of Standards & Technology, 2011. [2] SAHAI A, WATERS B. Fuzzy identity-based encryption[C]//Proceedings of the 2005 Annual International Conference on the Theory and Applications of Cryptographic Techniques, LNCS 3494. Berlin:Springer, 2005:457-473. [3] GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]//Proceedings of the 13th ACM Conference on Computer and Communications Security. New York:ACM, 2006:89-98. [4] BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy attribute-based encryption[C]//Proceedings of the 2007 IEEE Symposium on Security and Privacy. Piscataway:IEEE, 2007:321-334. [5] WATERS B. Ciphertext-policy attribute-based encryption:an expressive, efficient, and provably secure realization[C]//Proceedings of the 2011 International Workshop on Public Key Cryptography, LNCS 6571. Berlin:Springer, 2011:53-70. [6] LEWKO A, WATERS B. New proof methods for attribute-based encryption:achieving full security through selective techniques[C]//Proceedings of the 2012 Annual Cryptology Conference, LNCS 7417. Berlin:Springer, 2012:180-198. [7] ROUSELAKIS Y, WATERS B. Practical constructions and new proof methods for large universe attribute-based encryption[C]//Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM, 2013:463-474. [8] 仲红,崔杰,朱文龙,等.高效且可验证的多授权机构属性基加密方案[J].软件学报,2018,29(7):2006-2017.(ZHONG H, CUI J, ZHU W L, et al. Efficient and verifiable multi-authority attribute based encryption scheme[J]. Journal of Software, 2018, 29(7):2006-2017.) [9] 范运东,吴晓平.基于策略隐藏属性加密的云存储访问控制方案[J].计算机工程,2018,44(7):139-144,149.(FAN Y D, WU X P. Cloud storage access control scheme based on policy hiding attribute encryption[J]. Computer Engineering, 2018, 44(7):139-144, 149.) [10] CHASE M. Multi-authority attribute based encryption[C]//Proceedings of the 2007 Theory of Cryptography Conference, LNCS 4392. Berlin:Springer, 2007:515-534. [11] LEWKO A, WATERS B. Decentralizing attribute-based encryption[C]//Proceedings of the 2011 Annual International Conference on the Theory and Applications of Cryptographic Techniques, LNCS 6632. Berlin:Springer, 2011:568-588. [12] GREEN M, HOHENBERGER S, WATERS B. Outsourcing the decryption of ABE ciphertexts[C]//Proceedings of the 2011 USENIX Conference on Security. Berkeley, CA:USENIX Association, 2011:34-34. [13] LAI J, DENG R H, GUAN C, et al. Attribute-based encryption with verifiable outsourced decryption[J]. IEEE Transactions on Information Forensics and Security, 2013, 8(8):1343-1354. [14] YANG K, JIA X, REN K, et al. DAC-MACS:effective data access control for multi-authority cloud storage systems[C]//Proceedings of the 2013 IEEE INFOCOM. Piscataway:IEEE, 2013:2589-2903. [15] LI J, HUANG X, LI J, et al. Securely outsourcing attribute-based encryption with checkability[J]. IEEE Transactions on Parallel and Distributed Systems, 2013, 25(8):2201-2210. [16] BEIMEL A. Secure schemes for secret sharing and key distribution[D]. Haifa, Israel:Technion-Israel Institute of Technology, 1996:76-90. [17] YANG K, JIA X. Expressive, efficient, and revocable data access control for multi-authority cloud storage[J]. IEEE Transactions on Parallel and Distributed Systems, 2013, 25(7):1735-1744. [18] YANG Y, CHEN X Y, CHEN H, et al. Improving privacy and security in decentralizing multi-authority attribute-based encryption in cloud computing[J]. IEEE Access, 2018, 6:18009-18021. [19] LI W, XUE K, XUE Y, et al. TMACS:a robust and verifiable threshold multi-authority access control system in public cloud storage[J]. IEEE Transactions on Parallel and Distributed Systems, 2015, 27(5):1484-1496.