Attribute-based encryption (ABE) is a promising cryptographic mechanism for providing confidentiality and fine-grained access control in cloud-based environments. However, due to their high computational overhead, common ABE schemes are not suitable for resource-constrained devices. Moreover, data owners should be able to update their defined access policies efficiently, and in some cases, hidden access policies are required to preserve the privacy of clients and data. In this paper, we propose a ciphertext-policy attribute-based access control scheme that, for the first time, provides online/offline encryption, hidden access policies, and access policy update simultaneously. In our scheme, resource-constrained devices are equipped with online/offline encryption, which reduces the encryption overhead significantly. Furthermore, the attributes of access policies are hidden such that the attribute sets satisfying an access policy cannot be guessed by other parties. Moreover, data owners can update their defined access policies while outsourcing a major part of the updating process to the cloud service provider. In particular, we introduce blind access policies that enable the cloud service provider to update the data owners' access policies without receiving a new re-encryption key. Besides, our scheme supports fast decryption: the decryption algorithm consists of a constant number of bilinear pairing operations. The proposed scheme is proven secure in the random oracle model under the hardness of the Decisional Bilinear Diffie-Hellman (DBDH) and Decision Linear (D-Linear) assumptions. Performance analysis results also demonstrate that the proposed scheme is efficient and practical.