Biblio

The traditional ciphertext-policy attribute-based encryption (CP-ABE) has the problems of poor security of key distribution by a single attribute authorization center and too much calculation on the client in the process of encryption and decryption. A CP-ABE scheme that can outsource encryption and decryption and support multi-authorization centers is introduced to solve the above two problems. In the key generation stage, the user's private key is generated by the attribute authorization center and the key generation center jointly executing the two-party secure computing protocol; In the encryption and decryption stage, the cloud encryption server and cloud storage server are used to handle most of the computing work. Security proof and performance analysis show that the scheme not only can effectively make up for the defect of all key leakage when the attribute authorization center is broken, but also can enhance the security of the system; Moreover, after using the cloud server to process data, users only need to perform a simple calculation on the client to complete encryption or decryption, thus reducing the user's computing workload.

The security and reliability of power grid dispatching system is the basis of the stable development of the whole social economy. With the development of information, computer science and technology, communication technology, and network technology, using more advanced intelligent technology to improve the performance of security and reliability of power grid dispatching system has important research value and practical significance. In order to provide valuable references for relevant researchers and for the construction of future power system related applications. This paper summarizes the latest technical status of attribute encryption and hierarchical identity encryption methods, and introduces the access control method based on attribute and hierarchical identity encryption, the construction method of attribute encryption scheme, revocable CP-ABE scheme and its application in power grid data security access control. Combined with multi authorization center encryption, third-party trusted entity and optimized encryption algorithm, the parallel access control algorithm of hierarchical identity and attribute encryption and its application in power grid data security access control are introduced.

With the rapid innovation of cloud computing technologies, which has enhanced the application of the Internet of Things (IoT), smart health (s-health) is expected to enhance the quality of the healthcare system. However, s-health records (SHRs) outsourcing, storage, and sharing via a cloud server must be protected and users attribute privacy issues from the public domain. Ciphertext policy attribute-based encryption (CP-ABE) is the cryptographic primitive which is promising to provide fine-grained access control in the cloud environment. However, the direct application of traditional CP-ABE has brought a lot of security issues like attributes' privacy violations and vulnerability in the future by potential powerful attackers like side-channel and cold-bot attacks. To solve these problems, a lot of CP-ABE schemes have been proposed but none of them concurrently support partially policy-hidden and leakage resilience. Hence, we propose a new Smart Health Records Sharing Scheme that will be based on Partially Policy-Hidden CP-ABE with Leakage Resilience which is resilient to bound leakage from each of many secret keys per user, as well as many master keys, and ensure attribute privacy. Our scheme hides attribute values of users in both secret key and ciphertext which contain sensitive information in the cloud environment and are fully secure in the standard model under the static assumptions.

The data sharing is a helpful and financial assistance provided by CC. Information substance security also rises out of it since the information is moved to some cloud workers. To ensure the sensitive and important data; different procedures are utilized to improve access manage on collective information. Here strategies, Cipher text-policyattribute based encryption (CP-ABE) might create it very helpful and safe. The conventionalCP-ABE concentrates on information privacy only; whereas client's personal security protection is a significant problem as of now. CP-ABE byhidden access (HA) strategy makes sure information privacy and ensures that client's protection isn't exposed also. Nevertheless, the vast majority of the current plans are ineffectivein correspondence overhead and calculation cost. In addition, the vast majority of thismechanism takes no thought regardingabilityauthenticationor issue of security spillescapein abilityverificationstage. To handle the issues referenced over, a security protectsCP-ABE methodby proficient influenceauthenticationis presented in this manuscript. Furthermore, its privacy keys accomplish consistent size. In the meantime, the suggestedplan accomplishes the specific safetyin decisional n-BDHE issue and decisional direct presumption. The computational outcomes affirm the benefits of introduced method.

Ensuring data rights, openness and transaction flow is important in today’s digital economy. Few scholars have studied in the area of data confirmation, it is only with the development of blockchain that it has started to be taken seriously. However, blockchain has open and transparent natures, so there exists a certain probability of exposing the privacy of data owners. Therefore, in this paper we propose a new measure of data confirmation based on Ciphertext-Policy Attribute-Base Encryption(CP-ABE). The information with unique identification of the data owner is embedded in the ciphertext of CP-ABE by paillier homomorphic encryption, and the data can have multiple sharers. No one has access to the plaintext during the whole confirmation process, which reduces the risk of source data leakage.

At present, the ciphertext-policy attribute based encryption (CP-ABE) has been widely used in different fields of data sharing such as cross-border paperless trade, digital government and etc. However, there still exist some challenges including single point of failure, key abuse and key unaccountable issues in CP-ABE. To address these problems. We propose an accountable CP-ABE mechanism based on block chain system. First, we establish two authorization agencies MskCA and AttrVN(Attribute verify Network),where the MskCA can realize master key escrow, and the AttrVN manages and validates users' attributes. In this way, our system can avoid the single point of failure and improve the privacy of user attributes and security of keys. Moreover, in order to realize auditability of CP-ABE key parameter transfer, we introduce the did and record parameter transfer process on the block chain. Finally, we theoretically prove the security of our CP-ABE. Through comprehensive comparison, the superiority of CP-ABE is verified. At the same time, our proposed schemes have some properties such as fast decryption and so on.

SWIM (System Wide Information Management) has become the development direction of A TM (Air Traffic Management) system by providing interoperable services to promote the exchange and sharing of data among various stakeholders. The premise of data sharing is security, and the access control has become the key guarantee for the secure sharing and exchange. The CP-ABE scheme (Ciphertext Policy Attribute-Based Encryption) can realize one-to-many access control, which is suitable for the characteristics of SWIM environment. However, the combination of the existing CP-ABE access control and SWIM has following constraints. 1. The traditional single authority CP-ABE scheme requires unconditional trust in the authority center. Once the authority center is corrupted, the excessive authority of the center may lead to the complete destruction of system security. So, SWIM with a large user group and data volume requires multiple authorities CP-ABE when performing access control. 2. There is no unified management of users' data access records. Lack of supervision on user behavior make it impossible to effectively deter malicious users. 3. There are a certain proportion of lightweight data users in SWIM, such as aircraft, users with handheld devices, etc. And their computing capacity becomes the bottleneck of data sharing. Aiming at these issues above, this paper based on cloud-chain fusion basically proposes a multi-authority CP-ABE scheme, called the MOV ATM scheme, which has three advantages. 1. Based on a multi-cloud and multi-authority CP-ABE, this solution conforms to the distributed nature of SWIM; 2. This scheme provides outsourced computing and verification functions for lightweight users; 3. Based on blockchain technology, a blockchain that is maintained by all stakeholders of SWIM is designed. It takes user's access records as transactions to ensure that access records are well documented and cannot be tampered with. Compared with other schemes, this scheme adds the functions of multi-authority, outsourcing, verifiability and auditability, but do not increase the decryption cost of users.

The computing of smart devices at the perception layer of the power Internet of Things is often insufficient, and complex computing can be outsourced to server resources such as the cloud computing, but the allocation process is not safe and controllable. Under special constraints of the power Internet of Things such as multi-users and heterogeneous terminals, we propose a CP-ABE-based non-interactive verifiable computation model of perceptual layer data. This model is based on CP-ABE, NPOT, FHE and other relevant safety and verifiable theories, and designs a new multi-user non-interactive secure verifiable computing scheme to ensure that only users with the decryption key can participate in the execution of NPOT Scheme. In terms of the calculation process design of the model, we gave a detailed description of the system model, security model, plan. Based on the definition given, the correctness and safety of the non-interactive safety verifiable model design in the power Internet of Things environment are proved, and the interaction cost of the model is analyzed. Finally, it proves that the CP-ABE-based non-interactive verifiable computation model for the perceptual layer proposed in this paper has greatly improved security, applicability, and verifiability, and is able to meet the security outsourcing of computing in the power Internet of Things environment.

Cloud computing is a unified management and scheduling model of computing resources. To satisfy multiple resource requirements for various application, edge computing has been proposed. One challenge of edge computing is cross-domain data security sharing problem. Ciphertext policy attribute-based encryption (CP-ABE) is an effective way to ensure data security sharing. However, many existing schemes focus on could computing, and do not consider the features of edge computing. In order to address this issue, we propose a cross-domain data security sharing approach for edge computing based on CP-ABE. Besides data user attributes, we also consider access control from edge nodes to user data. Our scheme first calculates public-secret key peer of each edge node based on its attributes, and then uses it to encrypt secret key of data ciphertext to ensure data security. In addition, our scheme can add non-user access control attributes such as time, location, frequency according to the different demands. In this paper we take time as example. Finally, the simulation experiments and analysis exhibit the feasibility and effectiveness of our approach.

CP-ABE (Ciphertext-policy attribute based encryption) is considered as a secure access control for data sharing. However, the SK(secret key) in most CP-ABE scheme is generated by Centralized authority(CA). It could lead to the high cost of building trust and single point of failure. Because of the characters of blockchain, some schemes based on blockchain have been proposed to prevent the disclosure and protect privacy of users' attribute. Thus, a new CP-ABE identity-attribute management(IAM) data sharing scheme is proposed based on blockchain, i.e. IAM-BDSS, to guarantee privacy through the hidden policy and attribute. Meanwhile, we define a transaction structure to ensure the auditability of parameter transmission on blockchain system. The experimental results and security analysis show that our IAM-BDSS is effective and feasible.

In IoT scenarios, computational and communication costs on the user side are important problems. In most expressive ABE schemes, there is a linear relationship between the access structure size and the number of heavy pairing operations that are used in the decryption process. This property limits the application of ABE. We propose an expressive CP-ABE with the constant number of pairings in the decryption process. The simulation shows that the proposed scheme is highly efficient in encryption and decryption processes. In addition, we use the outsourcing method in decryption to get better performance on the user side. The main burden of decryption computations is done by the cloud without revealing any information about the plaintext. We introduce a new revocation method. In this method, the users' communication channels aren't used during the revocation process. These features significantly reduce the computational and communication costs on the user side that makes the proposed scheme suitable for applications such as IoT. The proposed scheme is selectively CPA-secure in the standard model.

Cloud computing facilitates the access of applications and data from any location by using any device with an internet connection. It enables multiple applications and users to access the same data resources. Cloud based information sharing is a technique that allows researchers to communicate and collaborate, that leads to major new developments in the field. It also enables users to access data over the cloud easily and conveniently. Privacy, authenticity and confidentiality are the three main challenges while sharing data in cloud. There are many methods which support secure data sharing in cloud environment such as Attribute Based Encryption(ABE), Role Based Encryption, Hierarchical Based Encryption, and Identity Based Encryption. ABE provides secure access control mechanisms for integrity. It is classified as Key Policy Attribute Based Encryption(KP-ABE) and Ciphertext Policy Attribute Based Encryption(CP-ABE) based on access policy integration. In KPABE, access structure is incorporated with user's private key, and data are encrypted over a defined attributes. Moreover, in CPABE, access structure is embedded with ciphertext. This paper reviews CP-ABE methods that have been developed so far for achieving secured data sharing in cloud environment.

With the processes of collecting, analyzing, and transmitting the data in the Internet of Things (IoT), the Internet of Medical Things (IoMT) comprises the medical equipment and applications connected to the healthcare system and offers an entity with real time, remote measurement, and analysis of healthcare data. However, the IoMT ecosystem deals with some great challenges in terms of security, such as privacy leaking, eavesdropping, unauthorized access, delayed detection of life-threatening episodes, and so forth. All these negative effects seriously impede the implementation of the IoMT ecosystem. To overcome these obstacles, this article presents an efficient, outsourced online/offline revocable ciphertext policy attribute-based encryption scheme with the aid of cloud servers and blockchains in the IoMT ecosystem. Our proposal achieves the characteristics of fine-grained access control, fast encryption, outsourced decryption, user revocation, and ciphertext verification. It is noteworthy that based on the chameleon hash function, we construct the private key of the data user with collision resistance, semantically secure, and key-exposure free to achieve revocation. To the best of our knowledge, this is the first protocol for a revocation mechanism by means of the chameleon hash function. Through formal analysis, it is proven to be secure in a selectively replayable chosen-ciphertext attack (RCCA) game. Finally, this scheme is implemented with the Java pairing-based cryptography library, and the simulation results demonstrate that it enables high efficiency and practicality, as well as strong reliability for the IoMT ecosystem.

As the public cloud becomes one of the leading ways in data sharing nowadays, data confidentiality and user privacy are increasingly critical. Partially policy-hidden ciphertext policy attribute-based encryption (CP-ABE) can effectively protect data confidentiality while reducing privacy leakage by hiding part of the access structure. However, it cannot satisfy the need of data sharing in the public cloud with complex users and large amounts of data, both in terms of less expressive access structures and limited granularity of policy hiding. Moreover, the verification of access right to shared data and correctness of decryption are ignored or conducted by an untrusted third party, and the prime-order groups are seldom considered in the expressive policy-hidden schemes. This paper proposes a fully policy-hidden CP-ABE scheme constructed on LSSS access structure and prime-order groups for public cloud data sharing. To help users decrypt, HVE with a ``convert step'' is applied, which is more compatible with CP-ABE. Meanwhile, decentralized credible verification of access right to shared data and correctness of decryption based on blockchain are also provided. We prove the security of our scheme rigorously and compare the scheme with others comprehensively. The results show that our scheme performs better.

In the era of big data, more and more users store data in the cloud. Massive amounts of data have brought huge storage costs to cloud storage providers, and data deduplication technology has emerged. In order to protect the confidentiality of user data, user data should be encrypted and stored in the cloud. Therefore, deduplication of encrypted data has become a research hotspot. Cloud storage provides users with data sharing services, and the sharing of encrypted data is another research hotspot. The combination of encrypted data deduplication and sharing will inevitably become a future trend. The current better-performing updateable block-level message-locked encryption (UMLE) deduplication scheme does not support data sharing, and the performance of the encrypted data de-duplication scheme that introduces data sharing is not as good as that of UMLE. This paper introduces the ciphertext policy attribute based encryption (CP-ABE) system sharing mechanism on the basis of UMLE, applies the CP-ABE method to encrypt the master key generated by UMLE, to achieve secure and efficient data deduplication and sharing. In this paper, we propose a permission verification method based on bilinear mapping, and according to the definition of the security model proposed in the security analysis phase, we prove this permission verification method, showing that our scheme is secure. The comparison of theoretical analysis and simulation experiment results shows that this scheme has more complete functions and better performance than existing schemes, and the proposed authorization verification method is also secure.

CP-ABE (ciphertext-policy attribute-based encryption) is a promising encryption scheme. In this paper, a highly expressive revocable scheme based on the key encryption keys (KEK) tree is proposed. In this method, the cloud server realizes the cancellation of attribute-level users and effectively reduces the computational burden of the data owner and attribute authority. This scheme embeds a unique random value associated with the user in the attribute group keys. The attribute group keys of each user are different, and it is impossible to initiate a collusion attack. Computing outsourcing makes most of the decryption work done by the cloud server, and the data user only need to perform an exponential operation; in terms of security, the security proof is completed under the standard model based on simple assumptions. Under the premise of ensuring security, the scheme in this paper has the functions of revocation and traceability, and the speed of decryption calculation is also improved.

Recently, with the development of the cloud environment, users can store their data or share it with other users. However, various security threats can occur in data sharing systems in the cloud environment. To solve this, data sharing systems and access control methods using the CP-ABE method are being studied, but the following problems may occur. First, in an outsourcing server that supports computation, it is not possible to prove that the computed result is a properly computed result when performing the partial decryption process of the ciphertext. Therefore, the user needs to verify the message obtained by performing the decryption process, and verify that the data is uploaded by the data owner through verification. As another problem, because the data owner encrypts data with attribute-based encryption, the number of attributes included in the access structure increases. This increases the size of the ciphertext, which can waste space in cloud storage. Therefore, a ciphertext of a constant size must be output regardless of the number of attributes when generating the ciphertext. In this paper, we proposes a CP-ABE based data sharing system that provides signature-based verifiable outsourcing. It aims at a system that allows multiple users to share data safely and efficiently in a cloud environment by satisfying verifiable outsourcing and constant-sized ciphertext output among various security requirements required by CP-ABE.

Industry 4.0 connectivity requires ensuring end-to-end (E2E) security for industrial data. This requirement is critical when retrieving data from the OT network. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) guarantees E2E security by encrypting data according to a policy and generating user keys according to attributes. To use this encryption scheme in manufacturing environments, policies must be updatable. This paper proposes a Multi-Layered Policy Key Encapsulation Method for CP-ABE that allows flexible policy update and revocation without modifying the original CP-ABE scheme.

This paper proposes a method of encrypting data stored in the blockchain network by applying ciphertext-policy attribute-based encryption (CP-ABE) and symmetric key algorithm. This method protects the confidentiality and privacy of data that is not protected in blockchain networks, and stores data in a more efficient way than before. The proposed model has the same characteristics of CP-ABE and has a faster processing speed than when only CP-ABE is used.

Ciphertext Policy Attribute-Based Encryption (CPABE) has gained popularity in the research area among the many proposed security models for providing fine-grained access control of data. Lightweight ECC-based CP-ABE schemes can provide feasible selective sharing from resource-constrained devices. However, the existing schemes lack support for a complete revocation mechanism at the user and attribute levels. We propose a novel scheme called Ecc Proxy based Scalable Attribute Revocation (EPSAR-CP-ABE) scheme. It extends an existing ECC-based CP-ABE scheme for lightweight IoT and smart-card devices to implement scalable attribute revocation. The scheme does not require re-distribution of secret keys and re-encryption of ciphertext. It uses a proxy server to furnish a proxy component for decryption. The dependency of the proposed scheme is minimal on the proxy server compared to the other related schemes. The storage and computational overhead due to the attribute revocation feature are negligible. Hence, the proposed EPSAR-CP-ABE scheme can be deployed practically for resource-constrained devices.

Smart grid employs intelligent transmission and distribution networks for effective and reliable delivery of electricity. It uses fine-grained electrical measurements to attain optimized reliability and stability by sharing these measurements among different entities of energy management systems of the grid. There are many stakeholders like users, phasor measurement units (PMU), and other entities, with changing requirements involved in the sharing of the data. Therefore, data security plays a vital role in the correct functioning of a power grid network. In this paper, we propose an attribute-based encryption (ABE) for secure data sharing in Smart Grid architectures as ABE enables efficient and secure access control. Also, the access policy is obfuscated to preserve privacy. We use Linear Secret Sharing (LSS) Scheme for supporting any monotone access structures, thereby enhancing the expressiveness of access policies. Finally, we also analyze the security, access policy privacy and collusion resistance properties along with efficiency analysis of our cryptosystem.

The Internet of Things technology has been used in a wide range of fields, ranging from industrial applications to individual lives. As a result, a massive amount of sensitive data is generated and transmitted by IoT devices. Those data may be accessed by a large number of complex users. Therefore, it is necessary to adopt an encryption scheme with access control to achieve more flexible and secure access to sensitive data. The Ciphertext Policy Attribute-Based Encryption (CP-ABE) can achieve access control while encrypting data can match the requirements mentioned above. However, the long ciphertext and the slow decryption operation makes it difficult to be used in most IoT devices which have limited memory size and computing capability. This paper proposes a modified CP-ABE scheme, which can implement the full security (adaptive security) under the access structure of AND gate. Moreover, the decryption overhead and the length of ciphertext are constant. Finally, the analysis and experiments prove the feasibility of our scheme.

Since a lot of information is outsourcing into cloud servers, data confidentiality becomes a higher risk to service providers. To assure data security, Ciphertext Policy Attributes-Based Encryption (CP-ABE) is observed for the cloud environment. Because ciphertexts and secret keys are relying on attributes, the revocation issue becomes a challenge for CP-ABE. This paper proposes an encryption access control (EAC) scheme to fulfill policy revocation which covers both attribute and user revocation. When one of the attributes in an access policy is changed by the data owner, the authorized users should be updated immediately because the revoked users who have gained previous access policy can observe the ciphertext. Especially for data owners, four types of updating policy levels are predefined. By classifying those levels, each secret token key is distinctly generated for each level. Consequently, a new secret key is produced by hashing the secret token key. This paper analyzes the execution times of key generation, encryption, and decryption times between non-revocation and policy revocation cases. Performance analysis for policy revocation is also presented in this paper.

In today's smart healthcare system, medical records of patients are exposed to a large number of users for various purposes, from monitoring the patients' health to data analysis. Preserving the privacy of a patient has become an important and challenging issue. outsourced Ciphertext-Policy Attribute-Based Encryption (CP-ABE) provides a solution for the data sharing and privacy preservation problem in the healthcare system in fog environment. However, the high computational cost in case of frequent attribute updates renders it infeasible for providing access control in healthcare systems. In this paper, we propose an efficient method to overcome the frequent attribute update problem of outsourced CP-ABE. In our proposed approach, we generate two keys for each user (a static key and a dynamic key) based on the constant and changing attributes of the users. Therefore, in case of an attribute change for a user, only the dynamic key is updated. Also, the key update is done at the fog nodes without compromising the security of the system. Thus, both the communication and the computational overhead associated with the key update in the outsourced CP-ABE scheme are reduced, making it an ideal solution for data access control in healthcare systems. The efficacy of our proposed approach is shown through theoretical analysis and experimentation.

In order to improve the buffering performance of the data encrypted by CP-ABE (ciphertext policy attribute based encryption), this paper proposed a Markov prefetching model based on attribute classification. The prefetching model combines the access strategy of CP-ABE encrypted file, establishes the user relationship network according to the attribute value of the user, classifies the user by the modularity-based community partitioning algorithm, and establishes a Markov prefetching model based on attribute classification. In comparison with the traditional Markov prefetching model and the classification-based Markov prefetching model, the attribute-based Markov prefetching model is proposed in this paper has higher prefetch accuracy and coverage.