Study On Attribute-based Encryption

Posted on: 2015-08-24
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Q Li
GTID: 1108330464968898
Subject: Computer system architecture

Abstract/Summary:
As a new "one-to-many" encryption approach, attribute-based encryption (ABE) has attracted a lot of attention from both academia and industry. Unlike traditional encryption techniques and identity-based encryption (IBE), ciphertexts and users are described by sets of attributes, and the encryptor does not need to know the public key or the exact identity of the potential recipient. Moreover, various fine-grained and flexible access policies are supported while data confidentiality is well protected. However, previous ABE schemes cannot be directly deployed in real applications due to the following defects.

Firstly, the computation overhead may be heavy. Generally speaking, the ciphertext size and the decryption cost grow linearly with the number of attributes used in encryption and decryption, respectively. Secondly, most current ABE schemes assume that there is only one authority in charge of administrating attributes and issuing keys. In the real world, however, multiple authorities may co-exist. Last but not least, the majority of ABE schemes lack an efficient user revocation mechanism. In ABE systems, multiple users may simultaneously possess the same attributes. When some users lose one or more attributes, a noteworthy problem is how to revoke their access privileges without affecting other legitimate users.

To address these issues, we analyze the current ABE schemes and propose a few secure and efficient ABE schemes. Additionally, we design an attribute-based access control system for cloud storage. In general, we make the following contributions:

1. To improve computation efficiency, we propose a short-ciphertext CP-ABE scheme with a constant number of pairing operations in decryption. In the proposed scheme, the ciphertext consists of a constant number of group elements. In addition, only a constant number of bilinear pairing operations are required in decryption, no matter how many attributes are employed. Any AND-gate access structure with wildcard attributes is supported. We prove that this scheme is secure against chosen plaintext attack (CPA) under the decisional Bilinear Diffie-Hellman Exponent (BDHE) assumption in the selective-ID model. We further extend our scheme to be secure against chosen ciphertext attack (CCA) by employing the strongly existentially unforgeable one-time signature technique.

2. Previous adaptively secure multi-authority attribute-based encryption (ABE) schemes suffer from superfluous computation overhead on composite order groups. To tackle this problem, an adaptively secure multi-authority ciphertext-policy ABE (MA-CP-ABE) scheme on prime order groups is proposed, employing a dual pairing vector space approach. The proposed scheme supports any monotone access structure, and is proven adaptively secure from the decisional linear assumption in the standard model. Performance analysis indicates that our scheme is more efficient while achieving adaptive security.

3. Previous multi-authority ABE schemes are subject to the following restrictions when setting up the system: either the attribute universe is polynomially sized and the attributes have to be enumerated, or the attribute universe can be exponentially large, but the size of the set of attributes is not more than a predefined fixed value 'n', where 'n' denotes the number of attributes which will be used in encryption. To tackle this problem, we propose a large universe multi-authority CP-ABE scheme and a large universe decentralizing KP-ABE scheme, by employing Rouselakis's technique. In the two proposed schemes, the attribute authorities (AAs) are not required to cooperate in the initialization phase. Moreover, the size of the system public parameters grows linearly with the number of AAs, no matter how large the attribute universe is. Thus, the system is more scalable and acceptable. The two proposed schemes support any monotonic access structure, and are proved secure in the selective-ID model.

4. Prior multi-authority KP-ABE schemes are proved secure in a weak security model called the selective-ID model. That is, before getting the public parameters, the adversary has to declare the challenge attribute set (in KP-ABE) or the challenge access structure (in CP-ABE). We propose an adaptively secure multi-authority KP-ABE scheme. Similarly, there is no need for any central authority (CA), and the AAs initialize the system without collaboration. The presented scheme supports any monotone access policy and is proved to be adaptively secure against chosen plaintext attack in the standard model by employing the Waters dual system proof technique.

5. As a new cryptographic primitive, ABE has been broadly used to design fine-grained access control systems for cloud storage. However, due to the absence of an efficient user revocation technique, most ABE schemes cannot be directly adopted in constructing an attribute-based access control system in clouds. Meanwhile, the user's attributes may be issued by multiple AAs, and users suffer from heavy computation cost in decryption. To tackle these problems, we propose an attribute-based access control system for cloud storage. We first construct a new multi-authority CP-ABE scheme, which enables the data provider to encrypt the uploaded data and autonomously embed the access policy in the ciphertext simultaneously. We also outsource the complicated bilinear pairing operations to the cloud server by employing the decryption outsourcing approach introduced by Matthew Green et al. As a result, only one exponentiation operation is required during user decryption. Last but not least, we propose a new attribute-level revocation approach. Once some attributes are revoked from a user, he will not lose all of his privileges. He can still access the data if his remaining attributes satisfy the embedded access policy. Moreover, our revocation approach also achieves forward and backward security.
Keywords/Search Tags: attribute-based encryption, standard model, access control, key revocation