Visible to the public KP-ABE Based Verifiable Cloud Access Control Scheme

TitleKP-ABE Based Verifiable Cloud Access Control Scheme
Publication TypeConference Paper
Year of Publication2013
AuthorsSi, Xiaolin, Wang, Pengpian, Zhang, Liwu
Conference Name2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
Date PublishedJuly 2013
ISBN Number978-0-7695-5022-0
KeywordsAccess Control, authorisation, authorization policy, cloud computing, Collaboration, encoding, Games, key policy attribute based encryption, KP-ABE, KP-ABE scheme, mobile computing, mobile devices, mobile internet, nonmonotonic access structure, policy-based governance, private key cryptography, pubcrawl, Public key, public verifiable cloud access control scheme, public verifiable computation protocol, Scalability, user private key revocable key policy attribute based encryption scheme, verifiable computation, XACML, XACML policy

With the rapid development of mobile internet, mobile devices are requiring more complex authorization policy to ensure an secure access control on mobile data. However mobiles have limited resources (computing, storage, etc.) and are not suitable to execute complex operations. Cloud computing is an increasingly popular paradigm for accessing powerful computing resources. Intuitively we can solve that problem by moving the complex access control process to the cloud and implement a fine-grained access control relying on the powerful cloud. However the cloud computation may not be trusted, a crucial problem is how to verify the correctness of such computations. In this paper, we proposed a public verifiable cloud access control scheme based on Parno's public verifiable computation protocol. For the first time, we proposed the conception and concrete construction of verifiable cloud access control. Specifically, we firstly design a user private key revocable Key Policy Attribute Based Encryption (KP-ABE) scheme with non-monotonic access structure, which can be combined with the XACML policy perfectly. Secondly we convert the XACML policy into the access structure of KP-ABE. Finally we construct a security provable public verifiable cloud access control scheme based on the KP-ABE scheme we designed.

Citation Keysi_kp-abe_2013