Secure Pairing-Free IBE and CP-ABE from Inner-Product Functional Encryption
Articles in Press, Accepted Manuscript, Available Online from 07 March 2026
https://doi.org/10.22042/isecure.2026.241980
Ahmad Khoureich Ka
Abstract The potential of Attribute-Based Encryption (ABE) in the context of IoT has driven researchers to propose pairing-free ABE schemes that are suitable for resource-constrained devices. Unfortunately, many of these schemes turned out to be insecure. This fact reinforces the view of some researchers according to which instantiating an Identity-Based Encryption (IBE) in plain Decisional Diffie-Hellman (DDH) groups is impossible. In this paper, we provide a generic Ciphertext-Policy ABE (CP-ABE) scheme supporting secret AND-gate policy using Inner-Product Functional Encryption (IPFE). We also propose an instantiation of our generic CP-ABE scheme based on the DDH assumption. From our generic CP-ABE scheme, we derive an IBE scheme by introducing the concept of Clustered Identity-Based Encryption (CIBE). Our schemes show that it is possible to construct secure IBE and ABE schemes based on the classical DDH assumption. An implementation of our CIBE in Python using the Charm framework is available on GitHub.
Highly Efficient and Revocable CP-ABE with Outsourcing Decryption for IoT
Volume 15, Issue 1, January 2023, Pages 97-110
https://doi.org/10.22042/isecure.2022.321360.738
Sina Abdollahi, Javad Mohajeri, Mahmoud Salmasizadeh
Abstract Ciphertext-policy attribute-based encryption (CP-ABE) is considered a promising solution for secure data sharing in the cloud environment. Although very good expressiveness in ABE constructions can be achieved using a linear secret sharing scheme (LSSS), there is a significant drawback in such constructions. In the LSSS-based ABE constructions, the number of heavy pairing operations increases with an increase in the number of required attributes in the decryption. In this paper, we propose an LSSS-based CP-ABE scheme with a fixed number of pairings (four pairings) during the decryption process. In our scheme, increasing the number of required attributes in the decryption does not affect the number of pairings. The simulation shows that our scheme has significant advantages in the encryption and the decryption processes compared to previous schemes. In addition, we use the outsourcing method in the decryption to get better performance on the user side. The main burden of decryption computations is done by the cloud without revealing any information about the plaintext. Furthermore, in our revocation method, the users’ communication channels are not used during the revocation process. All of these features make our scheme suitable for applications such as IoT. The proposed scheme is selectively CPA-secure in the standard model.
Attribute-Based Encryption with Efficient Attribute Revocation, Decryption Outsourcing, and Multi-Keyword Searching in Cloud Storage
Volume 14, Issue 3, October 2022, Pages 135-149
https://doi.org/10.22042/isecure.2022.14.3.14
Sajjad Palanki, Alireza Shafieinejad
Abstract Reliable access control is a major challenge of cloud storage services. This paper presents a cloud-based file-sharing architecture with a ciphertext-policy attribute-based encryption (CP-ABE) access control mechanism. In CP-ABE, the data owner can specify the ciphertext access structure, and if the user key satisfies this access structure, the user can decrypt the ciphertext. The trusted authority embeds the private key of each attribute in a so-called attribute access polynomial and stores its coefficients publicly on the cloud. By means of the access polynomial, each authorized user will be able to retrieve the private key of the attribute by using her/his own pre-shared key. In contrast, the data owner encrypts the file with a randomly selected key, namely the cipher key. The data owner encrypts the cipher key by the CP-ABE scheme with the desired policies. Further, the data owner can create a different polynomial called query access polynomial for multi-keyword searching. Finally, the data owner places the encrypted file along with the encrypted cipher key and query access polynomial in the cloud. The proposed scheme supports fast attribute revocation by updating the corresponding access polynomial and re-encrypting the affected cipher keys by the cloud server. Moreover, most of the calculations at the decryption and searching phases are outsourced to the cloud server, thereby allowing the lightweight nodes with limited resources to act as data users. Our analysis shows that the proposed scheme is both secure and efficient.
Attribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems
Volume 12, Issue 2, July 2020, Pages 129-140
https://doi.org/10.22042/isecure.2020.174338.458
Maryam Zarezadeh, Maede Ashouri-Talouki, Mohammad Siavashi
Abstract An electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still a challenging problem. Many studies are concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving access to patient records in a cloud system. In their scheme, encrypted EHRs are stored in multiple clouds to provide scalability and privacy. In addition, they considered a role-based access control (RBAC) such that for any user, an EHR access policy must be determined. They also encrypt the EHRs by the public keys of all users. So, for a large amount of EHRs, this scheme is not efficient. Furthermore, using RBAC for access policy makes changing the policy difficult. In their scheme, users cannot search on encrypted EHRs based on diseases and some physicians must participate in the data retrieval by a requester physician. In this paper, we address these problems by considering a ciphertext-policy attribute-based encryption (CP-ABE) which is conceptually closer to the traditional access control methods such as RBAC. Our secure scheme can retrieve encrypted EHR based on a specific disease. Furthermore, the proposed scheme guarantees the user access control and the anonymity of the user or data owner during data retrieval. Moreover, our scheme is resistant against collusion between unauthorized retrievers to access the data. The analysis shows that our scheme is secure and efficient for cloud-based EHRs.
