Achieving Privacy-Preserving CP-ABE Access Control with Multi-Cloud

Title: Achieving Privacy-Preserving CP-ABE Access Control with Multi-Cloud
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Li, Chunhua; He, Jinbiao; Lei, Cheng; Guo, Chan; Zhou, Ke
Conference Name: 2018 IEEE Intl Conf on Parallel Distributed Processing with Applications, Ubiquitous Computing Communications, Big Data Cloud Computing, Social Computing Networking, Sustainable Computing Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom)
Keywords: Access Control, access control overhead, access policy tree, achieving privacy-preserving CP-ABE access control, authorisation, Cipher Text Policy-Attribute Based Encryption (CP-ABE), ciphertext-policy, cloud computing, cloud storage, cloud storage environment, cloud storage service, Collaboration, CP-ABE, CP-ABE algorithm, cryptography, data privacy, Encryption, encryption scheme, multi-cloud, multicloud architecture, multicloud CP-ABE, policy-based governance, privacy, privacy leakage, Privacy-preserving, privacy-preserving CP-ABE access control scheme, pubcrawl, Scalability, Servers, share data, single cloud environment, single cloud scheme, single-cloud CP-ABE, storage management, suitable security access control technology, user attribute set, user collusion attack, user data
Abstract: Cloud storage service makes it very convenient for people to access and share data. At the same time, the confidentiality and privacy of user data are also facing great challenges. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme is widely considered to be the most suitable security access control technology for cloud storage environment. Aiming at the problem of privacy leakage caused by single-cloud CP-ABE which is commonly adopted in the current schemes, this paper proposes a privacy-preserving CP-ABE access control scheme using multi-cloud architecture. By improving the traditional CP-ABE algorithm and introducing a proxy to cut the user's private key, it can ensure that only a part of the user attribute set can be obtained by a single cloud, which effectively protects the privacy of user attributes. Meanwhile, the intermediate logical structure of the access policy tree is stored in the proxy, and only the leaf node information is stored in the ciphertext, which effectively protects the privacy of the access policy. Security analysis shows that our scheme is effective against replay and man-in-the-middle attacks, as well as user collusion attack. Experimental results also demonstrate that the multi-cloud CP-ABE does not significantly increase the overhead of storage and encryption compared to the single cloud scheme, but the access control overhead decreases as the number of clouds increases. When the access policy is expressed with an AND gate structure, the decryption overhead is obviously less than that of a single cloud environment.
DOI: 10.1109/BDCloud.2018.00120
Citation Key: li_achieving_2018