Biblio

Smart grid consists of multiple different entities related to various energy management systems which share fine-grained energy measurements among themselves in an optimal and reliable manner. Such delivery is achieved through intelligent transmission and distribution networks composed of various stakeholders like Phasor Measurement Units (PMUs), Master and Remote Terminal Units (MTU and RTU), Storage Centers and users in power utility departments subject to volatile changes in requirements. Hence, secure accessibility of data becomes vital in the context of efficient functioning of the smart grid. In this paper, we propose a practical attribute-based encryption scheme for securing data sharing and data access in Smart Grid architectures with the added advantage of obfuscating the access policy. This is aimed at preserving data privacy in the context of competing smart grid operators. We build our scheme on Linear Secret Sharing (LSS) Schemes for supporting any monotone access structures and thus enhancing the expressiveness of access policies. Lastly, we analyze the security, access policy privacy and collusion resistance properties of our cryptosystem and provide an efficiency comparison as well as experimental analysis using the Charm-Crypto framework to validate the proficiency of our proposed solution.

Ciphertext-policy attribute-based encryption (CP-ABE) is applied to many data service platforms to provides secure and fine-grained access control. In this paper, a new CP-ABE system based on the algebraic decision diagram (ADD) is presented. The new system makes full use of both the powerful description ability and the high calculating efficiency of ADD to improves the performance and efficiency of algorithms contained in CP-ABE. First, the new system supports both positive and negative attributes in the description of access polices. Second, the size of the secret key is constant and is not affected by the number of attributes. Third, time complexity of the key generation and decryption algorithms are O(1). Finally, this scheme allows visitors to have different access permissions to access shared data or file. At the same time, PV operation is introduced into CP-ABE framework for the first time to prevent resource conflicts caused by read and write operations on shared files. Compared with other schemes, the new scheme proposed in this paper performs better in function and efficiency.

Security of personal data in the e-healthcare has always been challenging issue. The embedded and wearable devices used to collect these personal and critical data of the patients and users are sensitive in nature. Attribute-Based Encryption is believed to provide access control along with data security for distributed data among multiple parties. These resources limited devices do have the capabilities to secure the data while sending to the cloud but instead it increases the overhead and latency of running the encryption algorithm. On the top of if confidentiality is required, which will add more latency. In order to reduce latency and overhead, we propose a new load balancing algorithm that will distribute the data to nearby devices with available resources to encrypt the data and send it to the cloud. In this article, we are proposing a load balancing algorithm for E-Health system called (GALB). Our algorithm is based on Genetic Algorithm (GA). Our algorithm (GALB) distribute the tasks that received to the main gateway between the devices on E-health environment. The distribution strategy is based on the available resources in the devices, the distance between the gateway and the those devices, and the complexity of the task (size) and CP-ABE encryption policy length. In order to evaluate our algorithm performance, we compare the near optimal solution proposed by GALB with the optimal solution proposed by LP.

To achieve a fine-grained access control function and guarantee the data confidentiality in the cloud storage environment, ciphertext policy attribute-based encryption (CP-ABE) has been widely implemented. However, due to the high computation and communication overhead, the nature of CP-ABE mechanism makes it difficult to be adopted in resource constrained terminals. Furthermore, the way of realizing varying levels of undo operations remains a problem. To this end, the access matrix that satisfies linear secret sharing scheme (LSSS) was optimized with Cauchy matrix, and then a user-level revocation scheme based on Chinese Remainder Theorem was proposed. Additionally, the attribute level revocation scheme which is based on the method of key encrypt key (KEK) and can help to reduce the storage overhead has also been improved.

Space-air-ground integrated network (SAGIN) is emerged as a versatile computing and traffic architecture in recent years. Though SAGIN brings many significant benefits for modern communication and computing services, there are many unprecedented challenges in SAGIN. The one critical challenge in SAGIN is the data security. In SAGIN, because the data will be stored in cleartext on cloud, the sensitive data may suffer from the illegal access by the unauthorized users even the untrusted cloud servers (CSs). Ciphertext-policy attribute-based encryption (CP-ABE), which is a type of attribute-based encryption (ABE), has been regarded as a promising solution to the critical challenge of the data security on cloud. But there are two main blemishes in traditional CP-ABE. The first one is that there is only one attribute authority (AA) in CP-ABE. If the single AA crashs down, the whole system will be shut down. The second one is that the AA cannot effectively manage the life cycle of the users’ private keys. If a user on longer has one attribute, the AA cannot revoke the user’s private key of this attribute. This means the user can still decrypt some ciphertexts using this invalid attribute. In this paper, to solve the two flaws mentioned above, we propose a multi-authority CP-ABE (MA-CP-ABE) scheme with the dynamical key revocation (DKR). Our key revocation supports both user revocation and attribute revocation. And the our revocation is time friendly. What’s more, by using our dynamically tag-based revocation algorithm, AAs can dynamically and directly re-enable or revoke the invalid attributes to users. Finally, by evaluating and implementing our scheme, we can observe that our scheme is more comprehensive and practical for cloud applications in SAGIN.

Ciphertext policy Attribute-based encryption (CPABE) plays an increasingly important role in the field of fine-grained access control for cloud storage. However, The exiting solution can not balance the issue of user identity tracking and user revocation. In this paper, we propose a CP-ABE scheme that supports association revocation and traceability. This scheme uses identity directory technology to realize single user revocation and associated user revocation, and the ciphertext re-encryption technology guarantees the forward security of revocation without updating the private key. In addition, we can accurately trace the identity of the user according to the decryption private key and effectively solve the problem of key abuse. This scheme is proved to be safe and traceable under the standard model, and can effectively control the computational and storage costs while maintaining functional advantages. It is suitable for the practical scenarios of tracking audit and user revocation.

The Internet of Things (IoT) is a technological vision in which constrained or embedded devices connect together through the Internet. This enables common objects to be empowered with communication and cooperation capabilities. Industry can take an enormous advantage of IoT, leading to the so-called Industrial IoT. In these systems, integrity, confidentiality, and access control over data are key requirements. An emerging approach to reach confidentiality and access control is Attribute-Based Encryption (ABE), which is a technique able to enforce cryptographically an access control over data. In this paper, we propose fABElous, an ABE scheme suitable for Industrial IoT applications which aims at minimizing the overhead of encryption on communication. fABElous ensures data integrity, confidentiality, and access control, while reducing the communication overhead of 35% with respect to using ABE techniques naively.

Internet of things era grown very rapidly in Industrial Revolution 4.0, there are many researchers use the Wireless Sensor Network (WSN) technology to obtain the data for environmental monitoring. The data obtained from WSN will be sent to the Data Center, where users can view and collect all of data from the Data Center using end devices such as personal computer, laptop, and mobile phone. The Data Center would be very dangerous, because everyone can intercept, track and even modify the data. Security requirement to ensure the confidentiality all of stored data in the data center and give the authenticity in data has not changed during the collection process. Ciphertext Policy Attribute-Based Encryption (CP-ABE) can become a solution to secure the confidentiality for all of data. Only users with appropriate rule of policy can get the original data. To guarantee there is no changes during the collection process of the data then require the time stamp digital signature for securing the data integrity. To protect the confidentiality and data integrity, we propose a security mechanism using CP-ABE with user revocation and Time Stamp Digital Signature using Elliptic Curve Cryptography (ECC) 384 bits. Our system can do the revocation for the users who did the illegal access. Our system is not only securing the data but also providing the guarantee that is no changes during the collection process of the data from the Data Center.

In a computer world, to identify anyone by doing a job or to authenticate by checking their identification and give access to computer. Access Control model comes in to picture when require to grant the permissions to individual and complete the duties. The access control models cannot give complete security when dealing with cloud computing area, where access control model failed to handle the attributes which are requisite to inhibit access based on time and location. When the data outsourced in the cloud, the information holders expect the security and confidentiality for their outsourced data. The data will be encrypted before outsourcing on cloud, still they want control on data in cloud server, where simple encryption is not a complete solution. To irradiate these issues, unlike access control models proposed Attribute Based Encryption standards (ABE). In ABE schemes there are different types like Key Policy-ABE (KP-ABE), Cipher Text-ABE (CP-ABE) and so on. The proposed method applied the access control policy of CP-ABE with Advanced Encryption Standard and used elliptic curve for key generation by using multi stage encryption which divides the users into two domains, public and private domains and shuffling the data base records to protect from inference attacks.

Ciphertext policy attribute-based encryption (CP-ABE) is a promising cryptographic technology that provides fine-grained access control as well as data confidentiality. It enables one sender to encrypt the data for more receivers, and to specify a policy on who can decrypt the ciphertext using his/her attributes alone. However, most existing ABE schemes are constructed on bilinear maps and they cannot resist quantum attacks. In this paper, we propose a multi-authority CP-ABE (MA-CPABE) scheme on ideal lattices which is still secure in post-quantum era. On one hand, multiple attribute authorities are required when user's attributes cannot be managed by a central authority. On the other hand, compared with generic lattice, the ideal lattice has extra algebraic structure and can be used to construct more efficient cryptographic applications. By adding some virtual attributes for each authority, our scheme can support flexible threshold access policy. Security analysis shows that the proposed scheme is secure against chosen plaintext attack (CPA) in the standard model under the ring learning with errors (R-LWE) assumption.

Cloud storage solutions have gained momentum in recent years. However, cloud servers can not be fully trusted. Data access control have becomes one of the main impediments for further adoption. One appealing approach is to incorporate the access control into encrypted data, thus removing the need to trust the cloud servers. Among existing cryptographic solutions, Ciphertext Policy Attribute-Based Encryption (CP-ABE) is well suited for fine-grained data access control in cloud storage. As promising as it is, user revocation is a cumbersome problem that impedes its wide application. To address this issue, we design an access control system called DUR-CP-ABE, which implements identity-based User Revocation in a data owner Discretionary way. In short, the proposed solution provides the following salient features. First, user revocation enforcement is based on the discretion of the data owner, thus providing more flexibility. Second, no private key updates are needed when user revocation occurs. Third, the proposed scheme allows for group revocation of affiliated users in a batch operation. To the best of our knowledge, DUR-CP-ABE is the first CP-ABE solution to provide affiliation- based batch revocation functionality, which fits naturally into organizations' Identity and Access Management (IAM) structure. The analysis shows that the proposed access control system is provably secure and efficient in terms of computation, communi- cation and storage.

Smart grid systems data has been exposed to several threats and attacks from different perspectives and have resulted in several system failures. Obtaining security of data and key exposure and enhancing system ability in data collection and transmission process are challenging, on the grounds smart grid data is sensitive and enormous sum. In this paper we introduce smart grid data security method along with advanced Cipher text policy attribute based encryption (CP-ABE). Cloud supported IoT is widely used in smart grid systems. Smart IoT devices collect data and perform status management. Data obtained from the IOT devices will be divided into blocks and encrypted data will be stored in different cloud server with different encrypted keys even when one cloud server is assaulted and encrypted key is exposed data cannot be decrypted, thereby the transmission and encryption process are done in correspondingly. We protect access-tree structure information even after the data is shared to user by solving revocation problem in which cloud will inform data owner to revoke and update encryption key after user has downloaded the data, which preserves the data privacy from unauthorized users. The analysis of the system concludes that our proposed system can meet the security requirements in smart grid systems along with cloud-Internet of things.

In this paper, we propose an access control model featured with the efficient key update function in data outsourcing environment. Our access control is based on the combination of Ciphertext Policy - Attribute-based Encryption (CP-ABE) and Role-based Access Control (RBAC). The proposed scheme aims to improve the attribute and key update management of the original CP-ABE. In our scheme, a user's key is incorporated into the attribute certificate (AC) which will be used to decrypt the ciphertext encrypted with CP-ABE policy. If there is any change (update or revoke) of the attributes appearing in the key, the key in the AC will be updated upon the access request. This significantly reduces the overheads in updating and distributing keys of all users simultaneously compared to the existing CP-ABE based schemes. Finally, we conduct the experiment to evaluate the performance of our proposed scheme to show the efficiency of our proposed scheme.

Cloud offers flexible and cost effective storage for big data but the major challenge is access control of big data processing. CP-ABE is a desirable solution for data access control in cloud. However, in CP-ABE the access policy may leak user's private information. To address this issue, Hidden Policy CP-ABE schemes proposed but those schemes still causing data leakage problem because the access policies are partially hidden and create more computational cost. In this paper, we propose a New Hidden Policy Ciphertext Policy Attribute Based Encryption (HP-CP-ABE) to ensure Big Data Access Control with Privacy-preserving Policy in Cloud. In proposed method, we used Multi Secret Sharing Scheme(MSSS) to reduce the computational overhead, while encryption and decryption process. We also applied mask technique on each attribute in access policy and embed the access policy in ciphertext, to protect user's private information from access policy. The security analysis shows that HP-CP-ABE is more secure and preserve the access policy privacy. Performance evaluation shows that our schemes takes less computational cost than existing scheme.

Cloud computing has a major role in the development of commercial systems. It enables companies like Microsoft, Amazon, IBM and Google to deliver their services on a large scale to its users. A cloud service provider manages cloud computing based services and applications. For any organization a cloud service provider (CSP) is an entity which works within it. So it suffers from vulnerabilities associated with organization, including internal and external attacks. So its challenge to organization to secure a cloud service provider while providing quality of service. Attribute based encryption can be used to provide data security with Key policy attribute based encryption (KP-ABE) or ciphertext policy attribute based encryption (CP-ABE). But these schemes has lack of scalability and flexibility. Hierarchical CP-ABE scheme is proposed here to provide fine grained access control. Data security is achieved using encryption, authentication and authorization mechanisms. Attribute key generation is proposed for implementing authorization of users. The proposed system is prevented by SQL Injection attack.

Aiming at the increasing popularity of mobile terminals, a CP-ABE scheme adapted to lightweight decryption at the mobile end is proposed. The scheme has the function of supporting timely attributes revocation and policy hiding. Firstly, we will introduce the related knowledge of attribute base encryption. After that, we will give a specific CP-ABE solution. Finally, in the part of the algorithm analysis, we will give analysis performance and related security, and compare this algorithm with other algorithms.

Cloud storage service makes it very convenient for people to access and share data. At the same time, the confidentiality and privacy of user data is also facing great challenges. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme is widely considered to be the most suitable security access control technology for cloud storage environment. Aiming at the problem of privacy leakage caused by single-cloud CP-ABE which is commonly adopted in the current schemes, this paper proposes a privacy-preserving CP-ABE access control scheme using multi-cloud architecture. By improving the traditional CP-ABE algorithm and introducing a proxy to cut the user's private key, it can ensure that only a part of the user attribute set can be obtained by a single cloud, which effectively protects the privacy of user attributes. Meanwhile, the intermediate logical structure of the access policy tree is stored in proxy, and only the leaf node information is stored in the ciphertext, which effectively protects the privacy of the access policy. Security analysis shows that our scheme is effective against replay and man-in-the-middle attacks, as well as user collusion attack. Experimental results also demonstrates that the multi-cloud CP-ABE does not significantly increase the overhead of storage and encryption compared to the single cloud scheme, but the access control overhead decreases as the number of clouds increases. When the access policy is expressed with a AND gate structure, the decryption overhead is obviously less than that of a single cloud environment.

Platoon is one of cooperative driving applications where a set of vehicles can collaboratively sense each other for driving safety and traffic efficiency. However, platoon without security insurance makes the cooperative vehicles vulnerable to cyber-attacks, which may cause life-threatening accidents. In this paper, we introduce malicious attacks in platoon maneuvers. To defend against these attacks, we propose a Cyphertext-Policy Attribute-Based Encryption (CP-ABE) based Platoon Secure Sensing scheme, named CPSS. In the CPSS, platoon key is encapsulated in the access control structure in the key distribution process, so that interference messages sending by attackers without the platoon key could be ignored. Therefore, the sensing data which contains speed and position information can be protected. In this way, speed and distance fluctuations caused by attacks can be mitigated even eliminated thereby avoiding the collisions and ensuring the overall platoon stability. Time complexity analysis shows that the CPSS is more efficient than that of the polynomial time solutions. Finally, to evaluate capabilities of the CPSS, we integrate a LTE-V2X with platoon maneuvers based on Veins platform. The evaluation results show that the CPSS outperforms the baseline algorithm by 25% in terms of distance variations.

Most searchable attribute-based encryption schemes only support the search for single-keyword without attribute revocation, the data user cannot quickly detect the validity of the ciphertext returned by the cloud service provider. Therefore, this paper proposes an authorization of searchable CP-ABE scheme with attribute revocation and applies the scheme to the cloud computing environment. The data user to send the authorization information to the authorization server for authorization, assists the data user to effectively detect the ciphertext information returned by the cloud service provider while supporting the revocation of the user attribute in a fine-grained access control structure without updating the key during revocation stage. In the random oracle model based on the calculation of Diffie-Hellman problem, it is proved that the scheme can satisfy the indistinguishability of ciphertext and search trapdoor. Finally, the performance analysis shows that the scheme has higher computational efficiency.

Internet of Things (IoT) and cloud computing are promising technologies that change the way people communicate and live. As the data collected through IoT devices often involve users' private information and the cloud is not completely trusted, users' private data are usually encrypted before being uploaded to cloud for security purposes. Searchable encryption, allowing users to search over the encrypted data, extends data flexibility on the premise of security. In this paper, to achieve the accurate and efficient ciphertext searching, we present an efficient multi-keyword ranked searchable encryption scheme supporting ciphertext-policy attribute-based encryption (CP-ABE) test (MRSET). For efficiency, numeric hierarchy supporting ranked search is introduced to reduce the dimensions of vectors and matrices. For practicality, CP-ABE is improved to support access right test, so that only documents that the user can decrypt are returned. The security analysis shows that our proposed scheme is secure, and the experimental result demonstrates that our scheme is efficient.

Ciphertext storage can effectively solve the security problems in cloud storage, among which the ciphertext policy attribute-based encryption (CP-ABE) is more suitable for ciphertext access control in cloud storage environment for it can achieve one-to-many ciphertext sharing. The existing attribute encryption scheme CP-ABE has problems with revocation such as coarse granularity, untimeliness, and low efficiency, which cannot meet the demands of cloud storage. This paper proposes an RCP-ABE scheme that supports real-time revocable fine-grained attributes for the existing attribute revocable scheme, the scheme of this paper adopts the version control technology to realize the instant revocation of the attributes. In the key update mechanism, the subset coverage technology is used to update the key, which reduces the workload of the authority. The experimental analysis shows that RCP-ABE is more efficient than other schemes.

Blockchains are emerging technologies that propose new business models and value propositions. Besides their application for cryptocurrency purposes, as distributed ledgers of transactions, they enable new ways to provision trusted information in a distributed fashion. In this paper, we present our product tagging solution designed to help Small & Medium Enterprises (SMEs) protect their brands against counterfeit products and parallel markets, as well as to enhance UX (User Experience) and promote the brand and product.Our solution combines the use of DLT to assure, in a verifiable and permanent way, the trustworthiness and confidentiality of the information associated to the goods and the innovative CP-ABE encryption technique to differentiate accessibility to the product's information.

For future Internet, information-centric networking (ICN) is considered a potential solution to many of its current problems, such as content distribution, mobility, and security. Named Data Networking (NDN) is a more popular ICN project. However, concern regarding the protection of user data persists. Information caching in NDN decouples content and content publishers, which leads to content security threats due to lack of secure controls. Therefore, this paper presents a CP-ABE (ciphertext policy attribute based encryption) access control scheme based on hash table and data segmentation (CHTDS). Based on data segmentation, CHTDS uses a method of linearly splitting fixed data blocks, which effectively improves data management. CHTDS also introduces CP-ABE mechanism and hash table data structure to ensure secure access control and privilege revocation does not need to re-encrypt the published content. The analysis results show that CHTDS can effectively realize the security and fine-grained access control in the NDN environment, and reduce communication overhead for content access.

Ciphertext Policy Attribute Based Encryption techniques provide fine grained access control to securely share the data in the organizations where access rights of users vary according to their roles. We have noticed that various key delegation mechanisms are provided for CP-ABE schemes but no key delegation mechanism exists for CP-ABE with hidden access policy. In practical, users' identity may be revealed from access policy in the organizations and unlimited further delegations may results in unauthorized data access. For maintaining the users' anonymity, the access structure should be hidden and every user must be restricted for specified further delegations. In this work, we have presented a flexible secure key delegation mechanism for CP-ABE with hidden access structure. The proposed scheme enhances the capability of existing CP-ABE schemes by supporting flexible delegation, attribute revocation and user revocation with negligible enhancement in computational cost.

Users can directly access and share information from portable devices such as a smartphone or an Internet of Things (IoT) device. However, to prevent them from becoming victims to launch cyber attacks, they must allow selective sharing based on roles of the users such as with the Ciphertext-Policy Attribute Encryption (CP-ABE) scheme. However, to match the resource constraints, the scheme must be efficient for storage. It must also protect the device from malicious users as well as allow uninterrupted access to valid users. This paper presents the CCA secure PROxy-based Scalable Revocation for Constant Cipher-text (C-PROSRCC) scheme, which provides scalable revocation for a constant ciphertext length CP-ABE scheme. The scheme has a constant number of pairings and computations. It can also revoke any number of users and does not require re-encryption or redistribution of keys. We have successfully implemented the C-PROSRCC scheme. The qualitative and quantitative comparison with related schemes indicates that C-PROSRCC performs better with acceptable overheads. C-PROSRCC is Chosen Ciphertext Attack (CCA) secure. We also present a case study to demonstrate the use of C-PROSRCC for mobile-based selective sharing of a family car.