Abstract
The great benefits introduced by big data analysis technology motivate both individuals and enterprises to collect and share the data over the internet. Although cloud storage provides a perfect platform for data sharing, the security issue becomes the principal obstacle to preventing users from outsourcing their data to cloud servers, especially when the data involve sensitive information. As a new variant of public-key encryption scheme, attribute-based encryption (ABE) provides a fuzzy matching between the data encryptor and decryptor. That is, the encryptor ensures that all those users with attributes satisfying the defined access policy can decrypt the shared data, but cannot identify which one can do that. Thus, the ABE scheme can preserve user privacy, and is regarded as a promising solution of securing data sharing in the cloud storage system. But the original ABE scheme cannot be directly deployed for several practical issues, such as key exposure and user revocation. In this paper, we simultaneously conquer the above two issues and put forward a forward and backward secure ciphertext-policy ABE scheme such that a revealed user secret key is useless for decrypting any ciphertexts. The proposed forward and backward secure ABE scheme is proved secure under a q-type assumption in the selective model, without random oracles. The performance discussion indicates that the proposed scheme provides stronger security guarantees than other similar ABE schemes, and thus is more desirable for cloud storage systems.
Similar content being viewed by others
Notes
Here we do not provide the computation cost of these listed ABE schemes. In fact, the computation cost consists with the storage/communication cost, and also depends on these numbers in Table 1.
References
Abdalla M, Reyzin L (2000) A new forward-secure digital signature scheme. In: Advances in cryptology-ASIACRYPT 2000, Springer, pp 116–129
Anderson R (1997) Two remarks on public key cryptology. Unpublished Available from http://www.clcamacuk/users/rja14
Attrapadung N, Imai H (2009) Attribute-based encryption supporting direct/indirect revocation modes. In: IMA international conference on cryptography and coding, Springer, pp 278–300
Beimel A (1996) Secure schemes for secret sharing and key distribution. Ph.D. thesis, Technion-Israel Institute of technology, Faculty of computer science
Bellare M, Miner SK (1999) A forward-secure digital signature scheme. In: Advances in cryptology CRYPTO99, Springer, pp 431–448
Boldyreva A, Goyal V, Kumar V (2008) Id-based encryption with efficient revocation. In: CCS 2008, ACM, pp 417–426
Canetti R, Halevi S, Katz J (2007) A forward-secure public-key encryption scheme. J Cryptol 20(3):265–294
Cui H, Deng RH, Li Y, Qin B (2016) Server-aided revocable attribute-based encryption. In: European symposium on research in computer security, Springer, pp 570–587
Fu Z, Sun X, Liu Q, Zhou L, Shu J (2015) Achieving efficient cloud search services: multi-keyword ranked search over encrypted cloud data supporting parallel computing. IEICE Trans Commun 98(1):190–200
Fu Z, Huang F, Sun X, Vasilakos A, Yang CN (2016a) Enabling semantic search based on conceptual graphs over encrypted outsourced data. IEEE Trans Serv Comput. doi:10.1109/TSC.2016.2622697
Fu Z, Wu X, Guan C, Sun X, Ren K (2016b) Toward efficient multi-keyword fuzzy search over encrypted outsourced data with accuracy improvement. IEEE Trans Inf Forensics Secur 11(12):2706–2716
He D, Wang D, Xie Q, Chen K (2017a) Anonymous handover authentication protocol for mobile wireless networks with conditional privacy preservation. Sci China Inf Sci 60(5):104
He D, Wang H, Zhang J, Wang L (2017b) Insecurity of an identity-based public auditing protocol for the outsourced data in cloud storage. Inf Sci 375:48–53
Hong J, Xue K, Li W (2015) Security analysis of attribute revocation in multiauthority data access control for cloud storage systems. IEEE Trans Inf Forensics Secur 10(6):1315–1317
Huang X, Liu JK, Tang S, Xiang Y, Liang K, Xu L, Zhou J (2015) Cost-effective authentic and anonymous data sharing with forward security. IEEE Trans Comput 64(4):971–983
Itkis G, Reyzin L (2001) Forward-secure signatures with optimal signing and verifying. In: Advances in cryptology crypto 2001, Springer, pp 332–354
Kiraz MS (2016) A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing. J Ambient Intell Humaniz Comput 7(5):731–760
Kitagawa T, Kojima H, Attrapadung N, Imai H (2015) Efficient and fully secure forward secure ciphertext-policy attribute-based encryption. In: 16th International conference on information security, Springer, pp 87–99
Kozlov A, Reyzin L (2003) Forward-secure signatures with fast key update. In: Security in communication networks, Springer, pp 241–256
Kumari S, Khan MK, Atiquzzaman M (2015) User authentication schemes for wireless sensor networks: a review. Ad Hoc Netw 27:159–194
Kumari S, Li X, Wu F, Das AK, Arshad H, Khan MK (2016) A user friendly mutual authentication and key agreement scheme for wireless sensor networks using chaotic maps. Future Gen Comput Syst 63:56–75
Kumari S, Li X, Wu F, Das AK, Choo KKR, Shen J (2017) Design of a provably secure biometrics-based multi-cloud-server authentication scheme. Future Gen Comput Syst 68:320–330
Li J, Li X, Wang L, He D, Ahmad H, Niu X (2017) Fuzzy encryption in cloud computation: efficient verifiable outsourced attribute-based encryption. Soft Comput. doi:10.1007/s00500-017-2482-1
Liang X, Li X, Lu R, Lin X, Shen X (2011) An efficient and secure user revocation scheme in mobile social networks. In: Global telecommunications conference (GLOBECOM 2011), IEEE, pp 1–5
Liu JK, Yuen TH, Zhou J (2011) Forward secure ring signature without random oracles. In: International conference on information and communications security, Springer, pp 1–14
Mayer-Schönberger V, Cukier K (2013) Big data: a revolution that will transform how we live, work, and think. Houghton Mifflin Harcourt
Okamoto T, Takashima K (2011) Efficient attribute-based signatures for non-monotone predicates in the standard model. In: Public key cryptography–PKC 2011, Springer, pp 35–52
Park Y, Sur C, Rhee KH (2016) Pseudonymous authentication for secure V2I services in cloud-based vehicular networks. J Ambient Intell Humaniz Comput 7(5):661–671
Rouselakis Y, Waters B (2013) Practical constructions and new proof methods for large universe attribute-based encryption. In: CCS 2013, ACM, pp 463–474
Sahai A, Waters B (2005) Fuzzy id-based encryption. In: Advances in cryptology–EUROCRYPT 2005, Springer, pp 457–473
Seo JH, Emura K (2013) Revocable id-based encryption revisited: Security model and construction. In: Public-key cryptography–PKC 2013, Springer, pp 216–234
Shi Y, Zheng Q, Liu J, Han Z (2015) Directly revocable key-policy attribute-based encryption with verifiable ciphertext delegation. Inf Sci 295:221–231
Wang D, He D, Wang P, Chu CH (2015) Anonymous two-factor authentication in distributed systems: certain goals are beyond attainment. IEEE Trans Depend Secur Comput 12(4):428–442
Wang H, He D, Shen J, Zheng Z, Zhao C, Zhao M (2016) Verifiable outsourced ciphertext-policy attribute-based encryption in cloud computing. Soft Comput. doi:10.1007/s00500-016-2271-2
Wang H, He D, Shen J, Zheng Z, Yang X, Au MH (2017) Fuzzy matching and direct revocation: a new CP-ABE scheme from multilinear maps. Soft Comput. doi:10.1007/s00500-017-2488-8
Waters B (2011) Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In: Public key cryptography–PKC 2011, Springer, pp 53–70
Wei J, Liu W, Hu X (2014) Forward-secure threshold attribute-based signature scheme. Comput J 58(10):2492–2506
Wei J, Liu W, Hu X (2015) Secure control protocol for universal serial bus mass storage devices. IET Comput Digit Tech 9(6):321–327
Wei J, Hu X, Liu W (2017a) Two-factor authentication scheme using attribute and password. Int J Commun Syst 30(1):1–14
Wei J, Liu W, Hu X (2017b) Forward-secure identity-based signature with efficient revocation. Int J Comput Math 94(7):1390–1411
Wu W, Hu S, Yang X, Liu JK, Au MH (2017) Towards secure and cost-effective fuzzy access control in mobile cloud computing. Soft Comput 21(10):2643–2649
Xia Z, Wang X, Sun X, Wang Q (2016a) A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Trans Parallel Distrib Syst 27(2):340–352
Xia Z, Wang X, Zhang L, Qin Z, Sun X, Ren K (2016b) A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Trans Inf Forensics Secur 11(11):2594–2608
Xu J, Wen Q, Li W, Shen J, He D (2016) Succinct multi-authority attribute-based access control for circuits with authenticated outsourcing. Soft Comput. doi:10.1007/s00500-016-2244-5
Yang K, Jia X, Ren K, Zhang B, Xie R (2013) Dac-macs: effective data access control for multiauthority cloud storage systems. IEEE Trans Inf Forensics Secur 8(11):1790–1801
Yu J, Hao R, Kong F, Cheng X, Fan J, Chen Y (2011a) Forward-secure identity-based signature: security notions and construction. Inf Sci 181(3):648–660
Yu J, Kong F, Cheng X, Hao R, Fan J (2011b) Forward-secure identity-based public-key encryption without random oracles. Fundam Inform 111(2):241–256
Yu S, Wang C, Ren K, Lou W (2010) Attribute based data sharing with attribute revocation. In: ASIACCS 2010, ACM, pp 261–270
Zhang M, Wu L, Wang XA, Yang X (2016) Unidirectional ibpre scheme from lattice for cloud computation. J Ambient Intell Humaniz Comput 7(5):623–631
Zhang Y, Wu A, Zheng D (2017) Efficient and privacy-aware attribute-based data sharing in mobile cloud computing. J Ambient Intell Humaniz Comput. doi: 10.1007/s12652-017-0509-1
Zhong H, Zhu W, Xu Y, Cui J (2016) Multi-authority attribute-based encryption access control scheme with policy hidden for cloud storage. Soft Comput. doi:10.1007/s00500-016-2330-8
Acknowledgements
This work is supported by the National Nature Science Foundation of China (Nos. 61702549, 61502527, 61379150).
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no conflicts of interest.
Ethical standard
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Communicated by V. Loia.
Rights and permissions
About this article
Cite this article
Wei, J., Hu, X., Liu, W. et al. Forward and backward secure fuzzy encryption for data sharing in cloud computing. Soft Comput 23, 497–506 (2019). https://doi.org/10.1007/s00500-017-2834-x
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00500-017-2834-x