
Complex and flexible data access policy in attribute-based encryption

The Journal of Supercomputing

Abstract

With the development of cloud computing applications, attribute-based encryption (ABE), which offers flexible, fine-grained data access control, has been widely adopted. However, traditional data access structures are mainly built on independent, fixed attribute values. The data access policies in traditional ABE schemes cannot express relationships between different attributes or dynamic attribute values, which seriously restricts wider application of ABE technology. To resolve this problem, a condition expression (CE) is first adopted to describe the condition required of attribute variables; a CE may also include combination operations over many different attribute variables. A rule for CEs is established to generate a concrete CE with a unique form for an attribute condition. A running function for CEs is presented to judge automatically whether the related attribute values satisfy a specified CE. In this article, we provide a ciphertext-policy ABE scheme that adopts the and-gate multi-value attribute access structure with additional CEs (and-gate-CE); the scheme has constant ciphertext length and can be proven CPA-secure under the decision q-BDHE assumption in the random oracle model. Our scheme thus provides a more general data access policy, with complicated and flexible CEs, in and-gate multi-value ABE.
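The policy-matching logic the abstract describes, as an added plaintext illustration that is not the paper's construction and performs no encryption: an AND-gate over multi-value attributes followed by a running function that checks each attached CE against a user's attribute values. The CE syntax, the `"*"` wildcard, the function names and the sample attributes are all assumptions made for this example; the paper's own CE rule and canonical form are not shown on this page.

```python
import ast
import operator

# Operators a condition expression (CE) may use in this illustration.
ARITH = {ast.Add: operator.add, ast.Sub: operator.sub,
         ast.Mult: operator.mul, ast.Div: operator.truediv}
CMP = {ast.Lt: operator.lt, ast.LtE: operator.le, ast.Gt: operator.gt,
       ast.GtE: operator.ge, ast.Eq: operator.eq, ast.NotEq: operator.ne}

def value(node, attrs):
    """Evaluate an arithmetic sub-expression over attribute variables."""
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.Name):
        return attrs[node.id]  # KeyError if the user lacks this attribute
    if isinstance(node, ast.BinOp) and type(node.op) in ARITH:
        return ARITH[type(node.op)](value(node.left, attrs),
                                    value(node.right, attrs))
    raise ValueError("construct not allowed in a condition expression")

def run_ce(ce, attrs):
    """Running function: True iff the attribute values satisfy the CE."""
    tree = ast.parse(ce, mode="eval").body
    if not isinstance(tree, ast.Compare):
        raise ValueError("a CE must be a comparison")
    if any(type(op) not in CMP for op in tree.ops):
        raise ValueError("comparison operator not allowed")
    try:
        operands = [value(n, attrs) for n in [tree.left, *tree.comparators]]
        return all(CMP[type(op)](a, b)
                   for op, a, b in zip(tree.ops, operands, operands[1:]))
    except (KeyError, TypeError, ZeroDivisionError):
        return False  # fail closed on missing or ill-typed attribute values

def satisfies(policy, attrs):
    """AND-gate over multi-value attributes, then every attached CE."""
    for name, allowed in policy["and_gate"].items():
        if allowed != "*" and attrs.get(name) not in allowed:
            return False
    return all(run_ce(ce, attrs) for ce in policy["ce"])

# Constructed sample policy and users (not taken from the paper).
POLICY = {"and_gate": {"dept": {"cardiology", "oncology"},
                       "role": {"doctor"}, "site": "*"},
          "ce": ["age + years_of_service >= 60", "clearance * 2 > risk_level"]}
ALICE = {"dept": "cardiology", "role": "doctor", "site": "A", "age": 45,
         "years_of_service": 20, "clearance": 3, "risk_level": 5}
BOB = dict(ALICE, years_of_service=10)
```

The expression is parsed with `ast` and walked against an allow-list rather than passed to `eval`, so a policy string cannot call functions or reach attributes of Python objects.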



Acknowledgements

This work was supported by the science and technology project of the education department of Jiangxi Province in China (GJJ201402), the key research and development project of the science department of Jiangxi Province in China (20171BBE50065) and the project “Research on technology and application of attribute-based encryption based on attached attribute conditional access policy” of the National Natural Science Foundation in China.

Author information


Corresponding author

Correspondence to Shengzhou Hu.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.


About this article


Cite this article

Hu, S., Wang, X., He, H. et al. Complex and flexible data access policy in attribute-based encryption. J Supercomput 78, 1010–1029 (2022). https://doi.org/10.1007/s11227-021-03867-5


  • DOI: https://doi.org/10.1007/s11227-021-03867-5
