An Adaptive Secure and Practical Data Sharing System With Verifiable Outsourced Decryption

被引:4
作者
Xu, Shengmin [1 ,2 ]
Han, Xingshuo [3 ]
Xu, Guowen [4 ]
Ning, Jianting [1 ,2 ,5 ]
Huang, Xinyi [6 ]
Deng, Robert H. [7 ]
机构
[1] Applicat Minist Educ, Key Lab Analyt Math, Fuzhou 350117, Peoples R China
[2] Fujian Normal Univ, Coll Comp & Cyber Secur, Fujian Prov Key Lab Network Secur & Cryptol, Fuzhou 350117, Peoples R China
[3] Nanyang Technol Univ, Sch Comp Sci & Engn, Singapore 639798, Singapore
[4] City Univ Hong Kong, Dept Comp Sci, Hong Kong, Peoples R China
[5] City Univ Macau, Fac Data Sci, Taipa 999078, Macao, Peoples R China
[6] Hong Kong Univ Sci & Technol Guangzhou, Artificial Intelligence Thrust, Informat Hub, Guangzhou 511458, Peoples R China
[7] Singapore Management Univ, Sch Comp & Informat Syst, Singapore 188065, Singapore
基金
中国国家自然科学基金;
关键词
Security; Access control; Standards; Encryption; Data models; Adaptive systems; Cloud computing; Adaptive security; fine-grained access control; verifiable outsourced decryption; IDENTITY-BASED ENCRYPTION; EXTRACTORS; FRAMEWORK; HIBE; IBE;
D O I
10.1109/TSC.2023.3321314
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Cloud computing is the widespread acceptance of a promising paradigm offering a substantial amount of storage and data services on demand. To preserve data confidentiality, many cryptosystems have been introduced. However, current solutions are incompatible with the resource-constrained end-devices because of a variety of vulnerabilities in terms of practicality and security. In this article, we propose a practical and secure data-sharing system by introducing a new design of attribute-based encryption with verifiable outsourced decryption-attribute-based encryption (VO-ABE for short). Our system offers: (1) data sharing at a fine-grained level; (2) a scalable key issuing protocol without any secure channel; (3) a verifiable outsourced decryption mechanism for resource-constrained end-devices against the malicious cloud service provider; and (4) adaptive security against the real-world attacks. To formalize our solution with cryptographic analysis, we present the formal definition of VO-ABE and its concrete construction with provable security. In particular, our design leverages the techniques of the traditional ABE, verifiable outsourced decryption, and randomness extractor to support fine-grained access control, cost-effective data sharing, and security assurance with high entropy. Moreover, our design is provably secure in the adaptive model under the standard assumption, which offers a stronger security guarantee since the state-of-the-art solution is selectively secure under the non-standard assumption and suffers from a variety of real-world attacks. The implementation and evaluation demonstrate that our solution enjoys superior functionality and better performance than the relevant solutions. More importantly, our solution is compatible with the resource-constrained end-devices since the decryption mechanism takes around 1.1 ms and is 22.7x faster than the state-of-the-art solution.
引用
收藏
页码:776 / 788
页数:13
相关论文
共 47 条
  • [1] Multi-input Inner-Product Functional Encryption from Pairings
    Abdalla, Michel
    Gay, Romain
    Raykova, Mariana
    Wee, Hoeteck
    [J]. ADVANCES IN CRYPTOLOGY - EUROCRYPT 2017, PT I, 2017, 10210 : 601 - 626
  • [2] FAME: Fast Attribute-based Message Encryption
    Agrawal, Shashank
    Chase, Melissa
    [J]. CCS'17: PROCEEDINGS OF THE 2017 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2017, : 665 - 682
  • [3] Multi-input Attribute Based Encryption and Predicate Encryption
    Agrawal, Shweta
    Yadav, Anshu
    Yamada, Shota
    [J]. ADVANCES IN CRYPTOLOGY - CRYPTO 2022, PT I, 2022, 13507 : 590 - 621
  • [4] Charm: a framework for rapidly prototyping cryptosystems
    Akinyele, Joseph A.
    Garman, Christina
    Miers, Ian
    Pagano, Matthew W.
    Rushanan, Michael
    Green, Matthew
    Rubin, Aviel D.
    [J]. JOURNAL OF CRYPTOGRAPHIC ENGINEERING, 2013, 3 (02) : 111 - 128
  • [5] Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications
    Al-Fuqaha, Ala
    Guizani, Mohsen
    Mohammadi, Mehdi
    Aledhari, Mohammed
    Ayyash, Moussa
    [J]. IEEE COMMUNICATIONS SURVEYS AND TUTORIALS, 2015, 17 (04): : 2347 - 2376
  • [6] [Anonymous], 2011, PROC USENIX SECUR S
  • [7] Dual System Encryption Framework in Prime-Order Groups via Computational Pair Encodings
    Attrapadung, Nuttapong
    [J]. ADVANCES IN CRYPTOLOGY - ASIACRYPT 2016, PT II, 2016, 10032 : 591 - 623
  • [8] Ciphertext-policy attribute-based encryption
    Bethencourt, John
    Sahai, Amit
    Waters, Brent
    [J]. 2007 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS, 2007, : 321 - +
  • [9] Boneh D, 2004, LECT NOTES COMPUT SC, V3027, P223
  • [10] Identity-based encryption from the Weil pairing
    Boneh, D
    Franklin, M
    [J]. SIAM JOURNAL ON COMPUTING, 2003, 32 (03) : 586 - 615