Attribute-Based Data Sharing Scheme Revisited in Cloud Computing
Abstract : Ciphertext-policy attribute-based encryption (CPABE) is a promising encryption technology for secure data sharing in cloud computing, in which data owner can fully control access structure associated with a ciphertext. However, it brings a major drawback which is known as key escrow problem, since the decryption users’ secret keys are issued by an unconditionally trusted third party (i.e. key authority). In addition, there is another problem that most of CP-ABE schemes cannot express arbitrary-state attributes. In this paper, we revisited attributebased data sharing scheme in order to solve the key escrow issue and improve the ability of attribute expression in cloud computing.An improved two-party key issuing protocol ensures that neither key authority nor cloud service provider can generate the whole secret keys of users individually. Moreover, the function of weighted attribute is provided to enhance the attribute expression, which can not only extend attributes from binary state to arbitrary states, but also reduce the complexity of access policy associated with a ciphertext. Therefore, both ciphertext storage and time cost in encryption are saved. The performance analysis and security proof show that the proposed scheme is efficient to securely achieve data sharing in cloud computing.
? In our scheme, expensive bilinear pairing operation in KP-ABE replaces with point scalar multiplication on ECC and makes a lightweight data sharing scheme which is quite suitable for using in computationally limited devices such as smart phones.
? Our proposed scheme also presents two important security requirements, user revocability and DoS attack resiliency.
? Finally, we compare the lightweight feature of our scheme with the existing ABE schemes and show that it is more efficient and practical than others.
? Since bilinear mapping and modular exponentiation are expensive operations, most of the existing RSA based ABE schemes suffer from high encryption and decryption overhead.
? we propose an improved key issuing protocol to resolve the key escrow problem of CP-ABE in cloud computing.
? The protocol can prevent KA and CSP from knowing each other’s master secret key so that none of them can create the whole secret keys of users individually.
? Thus, the fully trusted KA can be semi-trusted in the proposed scheme. In this case, data confidentiality and privacy can be ensured.
? we present weighted attribute to enhance the expression of attribute.
? The weighted attribute can not only express arbitrary-state attributes instead of the traditional binary state, but also reduce the complexity of access policy.
• A privacy aware smart health access control system (PASH) is proposed in, where a large universe CP-ABE scheme with partially hidden access policies is introduced to deal with both data security and user privacy issues.
• It takes charge of computing corresponding private keys for users and publishes the keys among them. It also is responsible for revoking the users.
• The AA is assumed to be honest but curious, that is, it will not deny services to any authorized users and it will correctly follow the proposed protocol, but it is curious about the data content and it would like to obtain as much private information as possible.
? We also observe that all experimental results are gradually increasing and approximately follow a linear relationship with the number of weighted attributes.
? Therefore, with a small error tolerance, we estimate their limit values, where the mathematical expressions are computed by using the mean algorithm.
? When N ? 8, the limit value of space saving in CP-WABE-RE scheme is approximately equal to 48.39% comparing to .
? The cost is reduced by nearly half in theory which is consistent with the above efficiency analysis. Comparing with our scheme and, the saved storage cost is approximately 64.47% which matches the corresponding limit value in theory.
|