Abstract:
Attribute-based encryption (ABE) is a public-key based one-to-many encryption that allows users to encrypt and decrypt data based on user attributes. A promising application of ABE is flexible access control of encrypted data stored in the cloud, using access policies and ascribed attributes associated with private keys and ciphertexts. One of the main efficiency drawbacks of the existing ABE schemes is that decryption involves expensive pairing operations and the number of such operations grows with the complexity of the access policy. Recently, Green et al. proposed an ABE system with outsourced decryption that largely eliminates the decryption overhead for users. In such a system, a user provides an untrusted server, say a cloud service provider, with a transformation key that allows the cloud to translate any ABE ciphertext satisfied by that user’s attributes or access policy into a simple ciphertext, and it only incurs a small computational overhead for the user to recover the plaintext from the transformed ciphertext. Security of an ABE system with outsourced decryption ensures that an adversary (including a malicious cloud) will not be able to learn anything about the encrypted message; however, it does not guarantee the correctness of the transformation done by the cloud. In this paper, we consider a new requirement of ABE with outsourced decryption: verifiability. Informally, verifiability guarantees that a user can efficiently check if the transformation is done correctly. We give the formal model of ABE with verifiable outsourced decryption and propose a concrete scheme. We prove that our new scheme is both secure and verifiable, without relying on random oracles. Finally, we show an implementation of our scheme and result of performance measurements, which indicates a significant reduction in computing resources imposed on users.
Introduction
Nowadays, as an emerging and efficient computing model, cloud computing has attracted widespread attention and support in many fields. In the cloud computing environment, many services such as resource renting, application hosting, and service outsourcing show the core concept of an on-demand service in the IT field. In recent years, many IT tycoons are developing their business cloud computing system.
It proposes a hierarchical ciphertext-policy at-tribute-based encryption (CP-ABE) access control scheme with constant-size ciphertext that can realize scalable, flexible, and fine-grained access control of outsourced data in cloud computing.
Our contributions are: the proposed scheme adopts CP-ABE with constant ciphertext size and maintains the size of ciphertext and the computation of bilinear pairing at a constant value, which improves the efficiency of the system and reduces the extra overhead of space storage, data transmission, and computation. Second, we design a hierarchical access control system. This system supports inheritance of authorization that reduces the burden and risk in the case of single authority. Finally, we prove our scheme has indistinguishable security under an adaptively chosen ciphertext attack and we analyze the performance of our scheme. We present a simulation model to apply
Existing system:
An ABE system with outsourced decryption that largely eliminates the decryption overhead for users. In such a system, a user provides an untrusted server, say a cloud service provider, with a transformation key that allows the cloud to translate any ABE ciphertext satisfied by that user’s attributes or access policy into a simple ciphertext, and it only incurs a small computational overhead for the user to recover the plaintext from the transformed ciphertext
.Disadvantages:
One of the main efficiency drawbacks of the most existing ABE schemes is that decryption is expensive for resource-limited devices due to pairing operations, and the number of pairing operations required to decrypt a ciphertext grows with the complexity of the access policy.
At the cost of security, only proven in a weak model.
Proposed system:
Modify the original model of ABE with outsourced decryption in the existing system to allow for verifiability of the transformations. After describing the formal definition of verifiability, we propose a new ABE model and based on this new model construct a concrete ABE scheme with verifiable outsourced decryption. Our scheme does not rely on random oracles.
Advantages:
Proposed scheme does not rely on random oracles.
The scheme substantially reduced the computation time required for resource-limited devices to recover plaintexts.
