Visible to the public Biblio

Filters: Keyword is access policy  [Clear All Filters]
Wah Myint, Phyo Wah, Hlaing, Swe Zin, Htoon, Ei Chaw.  2020.  EAC: Encryption Access Control Scheme for Policy Revocation in Cloud Data. 2020 International Conference on Advanced Information Technologies (ICAIT). :182—187.

Since a lot of information is outsourcing into cloud servers, data confidentiality becomes a higher risk to service providers. To assure data security, Ciphertext Policy Attributes-Based Encryption (CP-ABE) is observed for the cloud environment. Because ciphertexts and secret keys are relying on attributes, the revocation issue becomes a challenge for CP-ABE. This paper proposes an encryption access control (EAC) scheme to fulfill policy revocation which covers both attribute and user revocation. When one of the attributes in an access policy is changed by the data owner, the authorized users should be updated immediately because the revoked users who have gained previous access policy can observe the ciphertext. Especially for data owners, four types of updating policy levels are predefined. By classifying those levels, each secret token key is distinctly generated for each level. Consequently, a new secret key is produced by hashing the secret token key. This paper analyzes the execution times of key generation, encryption, and decryption times between non-revocation and policy revocation cases. Performance analysis for policy revocation is also presented in this paper.

Pradhan, Ankit, R., Punith., Sethi, Kamalakanta, Bera, Padmalochan.  2020.  Smart Grid Data Security using Practical CP-ABE with Obfuscated Policy and Outsourcing Decryption. 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). :1–8.
Smart grid consists of multiple different entities related to various energy management systems which share fine-grained energy measurements among themselves in an optimal and reliable manner. Such delivery is achieved through intelligent transmission and distribution networks composed of various stakeholders like Phasor Measurement Units (PMUs), Master and Remote Terminal Units (MTU and RTU), Storage Centers and users in power utility departments subject to volatile changes in requirements. Hence, secure accessibility of data becomes vital in the context of efficient functioning of the smart grid. In this paper, we propose a practical attribute-based encryption scheme for securing data sharing and data access in Smart Grid architectures with the added advantage of obfuscating the access policy. This is aimed at preserving data privacy in the context of competing smart grid operators. We build our scheme on Linear Secret Sharing (LSS) Schemes for supporting any monotone access structures and thus enhancing the expressiveness of access policies. Lastly, we analyze the security, access policy privacy and collusion resistance properties of our cryptosystem and provide an efficiency comparison as well as experimental analysis using the Charm-Crypto framework to validate the proficiency of our proposed solution.
Huo, Weiqian, Pei, Jisheng, Zhang, Ke, Ye, Xiaojun.  2014.  KP-ABE with Attribute Extension: Towards Functional Encryption Schemes Integration. 2014 Sixth International Symposium on Parallel Architectures, Algorithms and Programming. :230—237.

To allow fine-grained access control of sensitive data, researchers have proposed various types of functional encryption schemes, such as identity-based encryption, searchable encryption and attribute-based encryption. We observe that it is difficult to define some complex access policies in certain application scenarios by using these schemes individually. In this paper, we attempt to address this problem by proposing a functional encryption approach named Key-Policy Attribute-Based Encryption with Attribute Extension (KP-ABE-AE). In this approach, we utilize extended attributes to integrate various encryption schemes that support different access policies under a common top-level KP-ABE scheme, thus expanding the scope of access policies that can be defined. Theoretical analysis and experimental studies are conducted to demonstrate the applicability of the proposed KP-ABE-AE. We also present an optimization for a special application of KP-ABE-AE where IPE schemes are integrated with a KP-ABE scheme. The optimization results in an integrated scheme with better efficiency when compared to the existing encryption schemes that support the same scope of access policies.

Liu, Zechao, Wang, Xuan, Cui, Lei, Jiang, Zoe L., Zhang, Chunkai.  2017.  White-box traceable dynamic attribute based encryption. 2017 International Conference on Security, Pattern Analysis, and Cybernetics (SPAC). :526–530.
Ciphertext policy attribute-based encryption (CP-ABE) is a promising technology that offers fine-grained access control over encrypted data. In a CP-ABE scheme, any user can decrypt the ciphertext using his secret key if his attributes satisfy the access policy embedded in the ciphertext. Since the same ciphertext can be decrypted by multiple users with their own keys, the malicious users may intentionally leak their decryption keys for financial profits. So how to trace the malicious users becomes an important issue in a CP-ABE scheme. In addition, from the practical point of view, users may leave the system due to resignation or dismissal. So user revocation is another hot issue that should be solved. In this paper, we propose a practical CP-ABE scheme. On the one hand, our scheme has the properties of traceability and large universe. On the other hand, our scheme can solve the dynamic issue of user revocation. The proposed scheme is proved selectively secure in the standard model.
Kan Yang, Xiaohua Jia, Kui Ren, Ruitao Xie, Liusheng Huang.  2014.  Enabling efficient access control with dynamic policy updating for big data in the cloud. INFOCOM, 2014 Proceedings IEEE. :2013-2021.

Due to the high volume and velocity of big data, it is an effective option to store big data in the cloud, because the cloud has capabilities of storing big data and processing high volume of user access requests. Attribute-Based Encryption (ABE) is a promising technique to ensure the end-to-end security of big data in the cloud. However, the policy updating has always been a challenging issue when ABE is used to construct access control schemes. A trivial implementation is to let data owners retrieve the data and re-encrypt it under the new access policy, and then send it back to the cloud. This method incurs a high communication overhead and heavy computation burden on data owners. In this paper, we propose a novel scheme that enabling efficient access control with dynamic policy updating for big data in the cloud. We focus on developing an outsourced policy updating method for ABE systems. Our method can avoid the transmission of encrypted data and minimize the computation work of data owners, by making use of the previously encrypted data with old access policies. Moreover, we also design policy updating algorithms for different types of access policies. The analysis show that our scheme is correct, complete, secure and efficient.