Abstract In hybrid cloud computing, encrypted data access control can provide a fine-grained access method for organizations to enact policies closer to organizational policies. This paper presents an improved CP-ABE scheme to construct an encrypted data access control solution that is suitable for mobile users in hybrid cloud system. In our improvement, we split the original decryption keys into a control key, a secret key and a set of transformation keys. The private cloud managed by the organization administrator takes charge of updating the transformation keys using the control key. It helps to handle the situation of flexible access management and attribute alteration. Meanwhile, the mobile user's single secret key remains unchanged as well as the ciphertext even if the data user's attribute had been revoked. In addition, we modify the access control list through adding the attributes with corresponding control key and transformation keys so as to manage user privileges depending upon the system version. Finally, the analysis shows that our scheme is secure, flexible and efficient to be applied in mobile hybrid cloud computing.
This work was supported by the National Natural Science Foundation of China under Grant No. 61502044, and the Fundamental Research Funds for the Central Universities of China under Grant No. 2015RC23.
About author: Wen-Min Li received her B.S. and M.S. degrees in mathematics and applied mathematics from Shaanxi Normal University, Xi'an, in 2004 and 2007, respectively, and her Ph.D. degree in cryptology from Beijing University of Posts and Telecommunications, Beijing, in 2012. She is currently a post-doctoral researcher in Beijing University of Posts and Telecommunications, Beijing.
Cite this article:
Wen-Min Li, Xue-Lei Li, Qiao-Yan Wen, Shuo Zhang, Hua Zhang.Flexible CP-ABE Based Access Control on Encrypted Data for Mobile Users in Hybrid Cloud System[J] Journal of Computer Science and Technology, 2017,V32(5): 974-990
 Kaewpuang R, Niyato D, Wang P, Hossain E. A framework for cooperative resource management in mobile cloud computing. IEEE Journal on Selected Areas in Communications, 2013, 31(12):2685-2700. Grobauer B, Walloschek T, Stocker E. Understanding cloud computing vulnerabilities. IEEE Security & Privacy, 2011, 9(2):50-57. Jansen W, Grance T. Guidelines on security and privacy in public cloud computing. Journal of E-Governance, 2011, 34(3):149-151. Takabi H, Joshi J B D, Ahn G J. Security and privacy challenges in cloud computing environments. IEEE Security & Privacy, 2010, 8(6):24-31. Sahai A, Waters B. Fuzzy identity-based encryption. In Proc. the 24th Annual Int. Conf. Theory and Applications of Cryptographic Techniques, May 2005, pp457-473. Goyal V, Pandey O, Sahai A, Waters B. Attribute-based encryption for fine-grained access control of encrypted data. In Proc. the 13th ACM Conf. Computer and Communications Security, October 30-November 3, 2006, pp.89-98. Bethencourt J, Sahai A, Waters B. Ciphertext-policy attribute-based encryption. In Proc. IEEE Symp. Security and Privacy, May 2007, pp.321-334. Attrapadung N, Libert B, De Panafieu E. Expressive keypolicy attribute-based encryption with constant-size ciphertexts. In Proc. the 14th Int. Conf. Practice and Theory in Public Key Cryptography Conf. Public Key Cryptography, March 2011, pp.90-108. Cheung L, Newport C. Provably secure ciphertext policy ABE. In Proc. the 14th ACM Conf. Computer and Communications Security, October 2007, pp.456-465. Green M, Hohenberger S, Waters B. Outsourcing the decryption of ABE ciphertexts. In Proc. the 20th USENIX Conf. Security, August 2011. Goyal V, Jain A, Pandey O, Sahai A. Bounded ciphertext policy attribute based encryption. In Proc. the 35th Int. Colloquium on Automata Languages and Programming, July 2008, pp.579-591. Hur J, Noh D K. Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans. Parallel and Distributed Systems, 2011, 22(7):1214-1221. Lai J Z, Deng R H, Guan C W, Weng J. Attribute-based encryption with verifiable outsourced decryption. IEEE Trans. Information Forensics and Security, 2013, 8(8):1343-1354. Lewko A, Okamoto T, Sahai A, Takashima K, Waters B. Fully secure functional encryption:Attribute-based encryption and (hierarchical) inner product encryption. In Proc. the 29th Annual Int. Conf. Theory and Applications of Cryptographic Techniques, May 30-June 3, 2010, pp.62-91. Ostrovsky R, Sahai A, Waters B. Attribute-based encryption with non-monotonic access structures. In Proc. the 14th ACM Conf. Computer and Communications Security, October 2007, pp.195-203. Pirretti M, Traynor P, McDaniel P, Waters B. Secure attribute-based systems. In Proc. the 13th ACM Conf. Computer and Communications Security, October 30-November 3, 2006, pp.99-112. Rouselakis Y, Waters B. Practical constructions and new proof methods for large universe attribute-based encryption. In Proc. the ACM SIGSAC Conf. Computer & Communications Security, November 2013, pp.463-474. Waters B. Ciphertext-policy attribute-based encryption:An expressive, efficient, and provably secure realization. In Proc. the 14th Int. Conf. Practice and Theory in Public Key Cryptography Conf. Public Key Cryptography, March 2011, pp.53-70. Yu S C, Wang C, Ren K, Lou W J. Achieving secure, scalable, and fine-grained data access control in cloud computing. In Proc. IEEE INFOCOM, March 2010. Li M, Yu S C, Zheng Y, Ren K, Lou W J. Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel and Distributed Systems, 2013, 24(1):131-143. Zhou L, Varadharajan V, Hitchens M. Achieving secure role-based access control on encrypted data in cloud storage. IEEE Trans. Information Forensics and Security, 2013, 8(12):1947-1960. Liu X J, Xia Y J, Xiang Y, Hassan M M, Alelaiwi A. A secure and efficient data sharing framework with delegated capabilities in hybrid cloud. In Proc. Int. Symp. Security and Privacy in Social Networks and Big Data, November 2015, pp.7-14. Xu J, Wen Q Y, Li W M, Jin Z P. Circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation in cloud computing. IEEE Trans. Parallel and Distributed Systems, 2016, 27(1):119-129. Beimel A. Secure schemes for secret sharing and key distribution[Ph.D. Thesis]. Faculty of Computer Science, Technion-Israel Institute of Technology, Israel, 1996. Lewko A, Waters B. Decentralizing attribute-based encryption. In Proc. the 30th Annual Int. Conf. Theory and Applications of Cryptographic Techniques:Advances in Cryptology, May 2011, pp.568-588. Boneh D, Franklin M K. Identity-based encryption from the Weil pairing. In Proc. the 21st Annual Int. Cryptology Conf. Advances in Cryptology, August 2001, pp.213-229. Blaze M, Bleumer G, Strauss M. Divertible protocols and atomic proxy cryptography. In Proc. Annual Int. Conf. the Theory and Applications of Cryptographic Techniques, May 1998, pp.127-144. Singhal M, Chandrasekhar S, Ge T J, Sandhu R, Krishnan R, Ahn G J, Bertino E. Collaboration in multicloud computing environments:Framework and security issues. Computer, 2013, 46(2):76-84. Canetti R, Halevi S, Katz J. Chosen-ciphertext security from identity-based encryption. In Proc. the 23rd Annual Int. Conf. the Theory and Applications of Cryptographic Techniques, May 2004, pp.207-222. Li J W, Jia C F, Li J, Chen X F. Outsourcing encryption of attribute-based encryption with MapReduce. In Proc. the 14th Int. Conf. Information and Communications Security, October 2012, pp.191-201.
Copyright 2010 by Journal of Computer Science and Technology