1936 IEEE INTERNET OF THINGS JOURNAL, VOL. 4, NO. 6, DECEMBER 2017
outsourced decryption from CPA-secure ABE with outsourced
decryption, respectively.
Green and Ateniese [29] proposed a PRE in identity-based
encryption (IBE) scheme, in which the CTs can be transformed
from one identity to another. Canetti and Hohenberger [30]
proposed a definition of security against chosen CT attacks
for PRE schemes. An IBE PRE scheme was proposed in [31]
without random oracles. In [32], the first unidirectional PRE
scheme was proposed with chosen-CT security in the standard
model. Chow et al. [33] scheme gained high efficiency and
CCA security using the “token-controlled encryption” tech-
nique. Wang et al. [34] realized an identity-based PRE scheme
that can achieve IND-CCA2 secure. In contrast with requiring
users to be online all the time, a time-based PRE (Time-PRE)
scheme was presented in [35] to revoke a user’s access right
automatically after a predetermined period of time. In [36], the
PRE was proved to be useful as a method of adding access
control to the SFS read-only file system. This scheme also
achieves a stronger notion of security.
III. P
RELIMINARIES
A. Bilinear Maps
Let G
0
and G
1
be two multiplicative cyclic groups of prime
order p and g be the generator of G
0
. The bilinear map e is,
e : G
0
× G
0
→ G
1
, for all a, b ∈ Z
p
.
1) Bilinearity: ∀u, v ∈ G
1
, e(u
a
, v
b
) = e(u, v)
ab
.
2) Nondegeneracy: e(g, g) = 1.
3) Symmetric: e(g
a
, g
b
) = e(g, g)
ab
= e(g
b
, g
a
).
B. Discrete Logarithm Problem
Let G be a multiplicative cyclic group of prime order p and
g be its generator. Given a tuple <g, g
x
>, where g ∈
R
G and
x ∈ Z
P
are chosen as input uniformly at random, the discrete
logarithm (DL) problem is to recover x.
Definition 1: The DL assumption holds in G is that no
probabilistic polynomial-time algorithm A can solve the DL
problem with negligible advantage. We define the advantage
of A as follows:
Pr
A < g, g
x
>= x
.
The probability is over the generator g, randomly chosen x,
and the random bits consumed by A.
C. Structure in Ciphertext-Policy Attribute-Based Encryption
Definition 2: Let P ={P
1
, P
2
,...,P
n
} be a set of partic-
ipants, let U = 2
{P
1
,P
2
,...,P
n
}
be the universal set. If ∃AS ⊆
U\{∅}, then AS can be viewed as an access structure. If
A ∈ AS, ∀B ∈ U, A ⊆ B, and B ∈ AS, AS is considered as
a monotonic AS. Then the sets in AS are defined as authorized
sets, while the other sets are regarded as unauthorized sets.
To achieve fine-grained access control, we utilize the CT
policy ABE scheme. For ease of partition, we adopt the
Bethencourt’s scheme in [12], in which the AS is illustrated
by an access tree.
Let T be an access tree, and the root node is denoted by
R. All the leaves represent the attributes, while the interior
nodes represent the threshold gates, described by its children
and a threshold value, such as AND (n of n), OR (1 of n),
and n of m (m > n).
At the beginning of the encryption, we randomly choose
a secret s and conduct a polynomial for each node from top
to bottom, while the decryption order is reverse.
Additionally, some functions are necessary to be introduced.
We use parent(x) to get the parent of the node x. The func-
tion att(x) is used only if x is a leaf node and returns the
attribute associated with the leaf node x in the tree. The func-
tion index(x) returns the number associated with the node x,
where the index values are uniquely assigned to nodes in
the tree.
To retrieve the secret, we define the Lagrange coefficient
i,S
as follows.
For i ∈ Z
p
, and for ∀x ∈ S
i,S(x)
=
j∈S,j=i
x − j
i − j
.
D. (t, n) Threshold Secret Sharing
Secret sharing scheme is used for sharing a secret among
a group of parties, each of whom only obtain a piece of the
secret (namely a share of the secret). No single party can infer
any information about the secret with its own share. The only
way to reconstruct the secret is to combine a certain number
of shares.
The most basic secret sharing scheme is (t, n) threshold
scheme, which was first proposed by Shamir [37]. In his
scheme, a secret divided into n parts can be recovered only if
at least t parts are collected. This idea has already been used
to implement the tree-AS.
IV. D
EFINITIONS
A. Definition of System Model
Our system consists of four entities, namely DO, CS,
attribute authority (AA), and data requester/receiver (DR).
Both DOs and DRs are users.
1) Data Owners (DO): DO decide the access policy and
encrypt the data with CP-ABE. The encrypted data will be
uploaded to the CSs. DO are assumed to be honest in the
system.
2) Data Requester/Receivers (DRs): DR sends the decryp-
tion request to cloud and obtain the CTs over the Internet.
Only when their attributes satisfy the access policies of the
CT, can they get access to the plaintexts. DRs may collude to
access the data that is otherwise not accessible individually.
3) Cloud Servers (CSs): CSs are responsible for storing
a massive volume of data. They cannot be trusted by DO.
Hence, it is necessary for DO to define the access policy to
ensure the data confidentiality. CSs are assumed not to collude
with DR.
4) Attribute Authority (AA): AA is responsible for regis-
tering users, evaluating their attributes and generating their
SK accordingly. It runs the Setup algorithm, and issues public
key (PK) and master key (MK) to each DO. It is considered
as fully trusted.
剩余10页未读,继续阅读
weixin_38629303
- 粉丝: 4
- 资源: 868
我的内容管理
展开
最新资源
- 前端面试必问:真实项目经验大揭秘
- 永磁同步电机二阶自抗扰神经网络控制技术与实践
- 基于HAL库的LoRa通讯与SHT30温湿度测量项目
- avaWeb-mast推荐系统开发实战指南
- 慧鱼SolidWorks零件模型库:设计与创新的强大工具
- MATLAB实现稀疏傅里叶变换(SFFT)代码及测试
- ChatGPT联网模式亮相,体验智能压缩技术.zip
- 掌握进程保护的HOOK API技术
- 基于.Net的日用品网站开发:设计、实现与分析
- MyBatis-Spring 1.3.2版本下载指南
- 开源全能媒体播放器:小戴媒体播放器2 5.1-3
- 华为eNSP参考文档:DHCP与VRP操作指南
- SpringMyBatis实现疫苗接种预约系统
- VHDL实现倒车雷达系统源码免费提供
- 掌握软件测评师考试要点:历年真题解析
- 轻松下载微信视频号内容的新工具介绍
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
