Abstract
Attribute-based encryption with keyword search (ABKS) enables data owners to grant their search capabilities to other users by enforcing an access control policy over the outsourced encrypted data. However, existing ABKS schemes cannot guarantee the privacy of the access structures, which may contain some sensitive private information. Furthermore, resulting from the exposure of the access structures, ABKS schemes are susceptible to an off-line keyword guessing attack if the keyword space has a polynomial size. To solve these problems, we propose a novel primitive named hidden policy ciphertext-policy attribute-based encryption with keyword search (HP-CPABKS). With our primitive, the data user is unable to search on encrypted data and learn any information about the access structure if his/her attribute credentials cannot satisfy the access control policy specified by the data owner. We present a rigorous selective security analysis of the proposed HP-CPABKS scheme, which simultaneously keeps the indistinguishability of the keywords and the access structures. Finally, the performance evaluation verifies that our proposed scheme is efficient and practical.
创新点
在基于属性的可检索加密方案中, 数据拥有者可以通过设定访问控制策略将自己的密文检索能力授权给其他用户, 实现了云环境下的数据共享。但是, 现有基于属性的可检索方案都未考虑密文策略的隐私性, 因此无法抵抗关键字猜测攻击。为了解决以上问题, 本文使用非对称双线性映射, 提出了一种可抵抗关键字猜测攻击的隐藏策略属性基可检索加密方案HP-CPABKS, 成功实现密文策略的隐藏, 从而抵抗了关键字猜测攻击。且通过理论和实验分析了其效率。
Article PDF
Similar content being viewed by others
Avoid common mistakes on your manuscript.
References
Zheng Q, Xu S, Ateniese G. VABKS: verifiable attribute-based keyword search over outsourced encrypted data. In: Proceedings of IEEE Conference on Computer Communications, INFOCOM, Toronto, 2014. 522–530
Sun W, Yu S, Lou W, et al. Protecting your right: attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud. In: Proceedings of IEEE Conference on Computer Communications, INFOCOM, Toronto, 2014. 226–234
Sahai A, Waters B. Fuzzy identity-based encryption. In: Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques. London: Springer, 2005. 457–473
Goyal V, Pandey O, Sahai A, et al. Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, Alexandria, 2006. 89–98
Ostrovsky R, Sahai A, Waters B. Attribute-based encryption with non-monotonic access structures. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, 2007. 195–203
Attrapadung N, Libert B, de Panafieu E. Expressive key-policy attribute-based encryption with constant-size ciphertexts. In: Proceedings of the 14th International Conference on Practice and Theory in Public Key Cryptography. London: Springer, 2011. 90–108
Rao Y S, Dutta R. Computationally efficient expressive key-policy attribute based encryption schemes with constantsize ciphertext. In: Proceedings of the 15th International Conference on Information and Communications Security, ICICS, Beijing, 2013. 346–362
Bethencourt J, Sahai A, Waters B. Ciphertext-policy attribute-based encryption. In: Proceedings of IEEE Symposium on Security and Privacy, Oakland, 2007. 321–334
Cheung L, Newport C. Provably secure ciphertext policy ABE. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, 2007. 456–465
Emura K, Miyaji A, Nomura A, et al. A ciphertext-policy attribute-based encryption scheme with constant ciphertext length. In: Proceedings of the 5th International Conference on Information Security Practice and Experience, Xi’an, 2009. 13–23
Waters B. Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Proceedings of the 14th International Conference on Practice and Theory in Public Key Cryptography. Berlin: Springer, 2011. 53–70
Byun J W, Rhee H S, Park H A, et al. Off-line keyword guessing attacks on recent keyword search schemes over encrypted data. In: Proceedings of the 3rd VLDB International Conference on Secure Data Management. London: Springer, 2006. 75–83
Xu P, Jin H, Wu Q, et al. Public-key encryption with fuzzy keyword search: a provably secure scheme under keyword guessing attack. IEEE Trans Comput, 2013, 62: 2266–2277
Fang L, Susilo W, Ge C, et al. Public key encryption with keyword search secure against keyword guessing attacks without random oracle. Inf Sci, 2013, 238: 221–241
Nishide T, Yoneyama K, Ohta K. Attribute-based encryption with partially hidden encryptor-specified access structures. In: Proceedings of the 6th International Conference on Applied Cryptography and Network Security, New York, 2008. 111–129
Lai J, Deng R H, Li Y. Fully secure ciphertext-policy hiding CP-ABE. In: Proceedings of the 7th International Conference on Information Security Practice and Experience, Guangzhou, 2011. 24–39
Li X, Gu D, Ren Y, et al. Efficient ciphertext-policy attribute based encryption with hidden policy. In: Proceedings of the 5th International Workshop on Internet and Distributed Computing Systems, Melbourne, 2012. 146–159
Lai J, Deng R H, Li Y. Expressive CP-ABE with partially hidden access structures. In: Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security, Seoul, 2012. 18–19
Boneh D, Boyen X, Goh E J. Hierarchical identity based encryption with constant size ciphertext. In: Proceedings of the 24th Annual International Conference on Theory and Applications of Cryptographic Techniques. London: Springer, 2005. 440–456
Kapadia A, Tsang P P, Smith S W. Attribute-based publishing with hidden credentials and hidden policies, In: Proceedings of the 14th Annual Network and Distributed System Security Symposium, San Diego, 2007. 179–192
Herranz J, Laguillaumie F, Ráfols C. Constant size ciphertexts in threshold attribute-based encryption. In: Proceedings of the 13th International Conference on Practice and Theory in Public Key Cryptography. London: Springer, 2010. 19–34
Goyal V, Jain A, Pandey O, et al. Bounded ciphertext policy attribute based encryption. In: Proceedings of the 35th International Colloquium on Automata, Languages and Programming, Reykjavik, 2008. 579–591
Lewko A, Okamoto T, Sahai A, et al. Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Proceedings of the 29th Annual International Conference on Theory and Applications of Cryptographic Techniques. London: Springer, 2010. 62–91
Bellare M, Canetti R, Krawczyk H. Keying hash functions for message authentication. In: Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology. London: Springer, 1996. 1–15
Bradshaw R W, Holt J E, Seamons K E. Concealing complex policies with hidden credentials. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, Washington, 2004. 146–157
Nishide T. Cryptographic schemes with minimum disclosure of private information in attribute-based encryption and multiparty computation. Dissertation for Ph.D. Degree. Tokyo: University of Electro-Communications, 2008
Schwartz J T. Fast probabilistic algorithms for verification of polynomial identities. J ACM, 1980, 27: 701–717
Zippel R. Probabilistic algorithms for sparse polynomials. In: Proceedings of the International Symposiumon on Symbolic and Algebraic Computation. London: Springer, 1979. 216–226
The java pairing based cryptography library. http://gas.dia.unisa.it/projects/jpbc/The java pairing based cryptography library. http://gas.dia.unisa.it/projects/jpbc
de Caro A, Iovino V. jPBC: Java pairing based cryptography. In: Proceedings of IEEE Symposium on Computers and Communications (ISCC), Kerkyra, 2011. 850–855
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Qiu, S., Liu, J., Shi, Y. et al. Hidden policy ciphertext-policy attribute-based encryption with keyword search against keyword guessing attack. Sci. China Inf. Sci. 60, 052105 (2017). https://doi.org/10.1007/s11432-015-5449-9
Received:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11432-015-5449-9