Expressive CP-ABE with partially hidden access structures

Lai, Junzuo; Deng, Robert H.; Li, Yingjiu

doi:10.1145/2414456.2414465

Cited by 160 publications

(126 citation statements)

References 31 publications

Supporting

Mentioning

126

Contrasting

Order By: Relevance

“…In Table 1, we compare the user's private key size, ciphertext size, public key size, and computational cost used in the whole system with those in [8][9][10]. Compared to [8], the user's private key size is the same, the ciphertext size is increased by the bit size of an element in G 1 because 1 ( , ) is embedded into it, and the public key size is increased by the bit size of an element in G 0 because PK SDS = is used as one of the public keys in the system.…”

Section: Extra Costs Due To the Sds Constraint And Comparisonmentioning

confidence: 99%

“…Compared to [8][9][10], our scheme has an extra network communication cost per data object if the data object is under an SDS constraint. The proxy server sends the partially decrypted ciphertext to the SDS monitor, and the SDS monitor sends the further partially decrypted ciphertext to the user.…”

Section: Extra Costs Due To the Sds Constraint And Comparisonmentioning

confidence: 99%

“…Compared to KP-ABE (Key-Policy Attribute-Based Encryption) [4] and fuzzy identity-based encryption [2], CP-ABE (Ciphertext-Policy Attribute-Based Encryption) [3,5] is more appropriate, as it enables the data owner to more freely define the access control policy. Moreover, because the access control policy itself may leak critical information, efforts have been made [6][7][8][9][10] to hide the access control policy by blinding the attributes within it.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

CP-ABE Access Control Scheme for Sensitive Data Set Constraint with Hidden Access Policy and Constraint Policy

Helil

Rahman

2017

Security and Communication Networks

View full text Add to dashboard Cite

CP-ABE (Ciphertext-Policy Attribute-Based Encryption) with hidden access control policy enables data owners to share their encrypted data using cloud storage with authorized users while keeping the access control policies blinded. However, a mechanism to prevent users from achieving successive access to a data owner’s certain number of data objects, which present a conflict of interest or whose combination thereof is sensitive, has yet to be studied. In this paper, we analyze the underlying relations among these particular data objects, introduce the concept of the sensitive data set constraint, and propose a CP-ABE access control scheme with hidden attributes for the sensitive data set constraint. This scheme incorporates extensible, partially hidden constraint policy. In our scheme, due to the separation of duty principle, the duties of enforcing the access control policy and the constraint policy are divided into two independent entities to enhance security. The hidden constraint policy provides flexibility in that the data owner can partially change the sensitive data set constraint structure after the system has been set up.

show abstract

Section: Extra Costs Due To the Sds Constraint And Comparisonmentioning

confidence: 99%

Section: Extra Costs Due To the Sds Constraint And Comparisonmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

CP-ABE Access Control Scheme for Sensitive Data Set Constraint with Hidden Access Policy and Constraint Policy

Helil

Rahman

2017

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Early ABE schemes reveal the access policy of ciphertexts to everyone, which might be sensitive. Anonymous ABE [33,39] is then proposed.…”

Section: Attribute-based Encryptionmentioning

confidence: 99%

“…For example, the size of public key and ciphertext in the first anonymous ABE scheme [39] are both linear in the size of the attribute domain U, and it only supports limited form of policies. The scheme of Lai et al [33] supports linear secret sharing scheme (LSSS) (see Def. 1) based policy, yet they sacrifice anonymity to some extent.…”

Section: Attribute-based Encryptionmentioning

confidence: 99%

Are you The One to Share? Secret Transfer with Access Structure

Zhao

Chow

2016

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Sharing information to others is common nowadays, but the question is with whom to share. To address this problem, we propose the notion of secret transfer with access structure (STAS). STAS is a twoparty computation protocol that enables the server to transfer a secret to a client who satisfies the prescribed access structure. In this paper, we focus on threshold secret transfer (TST), which is STAS for threshold policy and can be made more expressive by using linear secret sharing. TST enables a number of applications including a simple construction of oblivious transfer (OT) with threshold access control, and (a variant of) threshold private set intersection (t-PSI), which are the first of their kinds in the literature to the best of our knowledge. The underlying primitive of STAS is a variant of OT, which we call OT for a sparse array. We provide two constructions which are inspired by state-of-the-art PSI techniques including oblivious polynomial evaluation (OPE) and garbled Bloom filter (GBF). The OPEbased construction is secure in the malicious model, while the GBF-based one is more efficient. We implemented the latter one and showed its performance in applications such as privacy-preserving matchmaking.

show abstract

Towards a secure incremental proxy re‐encryption for e‐healthcare data sharing in mobile cloud computing

Bhatia

Verma

Sharma³

2019

Concurrency and Computation

View full text Add to dashboard Cite

Cloud computing provides universal access to a pool of shared resources to numerous stakeholders/shareholders of the e-healthcare industry. The speedy adoption of cloud computing has inevitably raised security concerns for the outsourced data. Since mobile devices are resource constrained, the security solutions must discharge the computing comprehensive operations on the cloud for implementation. Conventionally, any modification to uploaded record would compel the mobile client to encrypt and compute the hash value from scratch. Through this paper, we intend to propose a pairing-free incremental proxy re-encryption scheme, without certificates, which would run proportionate to the number of modifications in time, instead of the document length for improvement in the file modification tasks. The proposed scheme shows a significant improvement in the file modification system regarding the energy consumption and the turnaround timer taken. The proposed scheme has been verified through a formal method using Z 3 solver. KEYWORDScloud computing, e-healthcare, incremental cryptography, mobile Cloud, proxy re-encryption, security INTRODUCTIONThe life-saving efforts in the eleventh hour have often fallen hard back even with advancements in the health care industry and medical services.One of the reasons for such situation is the unavailability of the patient's records that are generally stacked in the piles of paperwork. Firstly, these records are highly ambiguous with multiple gaps in information. Secondly, these records are generally scattered at several heath care centers through the region with different physicians, pharmacies, and hospitals. A number of information systems that contribute to the development of a more complete electronic health record (EHR) are being implemented by the hospitals nowadays to address these problems. Information regarding the patient's health care can be accessed instantly with the help of the electronic systems. An EHR is a centralized source storing medical and treatment history of patients' health information. These valuable patient-centered records can be accessed easily by all the approved healthcare providers (laboratories, specialists, pharmacists, etc).E-health applications generate a lot of data that become difficult for the health care units to store on a single computer because of catastrophic failures. Cloud services thus provide techniques for outsourcing the restrictive expensive computations and data in a secure manner, and this is prevalent in the research community. 1-6 Muhameed et al 7 proposed a ubiquitous health care framework (UbeHealth) encompassing edge computing, Internet of things (IoT), high-performance computing to address the challenges including network latency, deep learning, reliability, big data, bandwidth requirement, rising costs, etc, for satisfying next-generation health care needs.The clients owning resource-constraint mobiles can outsource the heavy computations and massive data onto the suspicious cloud servers and benefit from the unlimited comput...

show abstract

Expressive CP-ABE with partially hidden access structures

Cited by 160 publications

References 31 publications

CP-ABE Access Control Scheme for Sensitive Data Set Constraint with Hidden Access Policy and Constraint Policy

CP-ABE Access Control Scheme for Sensitive Data Set Constraint with Hidden Access Policy and Constraint Policy

Are you The One to Share? Secret Transfer with Access Structure

Towards a secure incremental proxy re‐encryption for e‐healthcare data sharing in mobile cloud computing

Contact Info

Product

Resources

About