Authors: Runhua Xu; Bo Lang
Addresses: State Key Laboratory of Software Development Environment, School of Computer Science and Engineering, Beihang University, 100191, Beijing, China; State Key Laboratory of Software Development Environment, School of Computer Science and Engineering, Beihang University, 100191, Beijing, China
Abstract: With flexible and scalable features for fine-grained access control, ciphertext policy attribute-based encryption (CP-ABE) is widely used as a data protection mechanism in cloud computing. However, the access policy of a CP-ABE scheme may contain sensitive information, which can reveal private information about the data provider or receiver. Some papers have proposed hidden-policy CP-ABE schemes, but these were based on an AND-gate access structure, whose ability to express access policies is limited. CP-ABE with a tree-based access structure has stronger expressive ability and more flexible access control capability, and therefore has broad application prospects compared to other mechanisms. This paper proposes a tree-based access structure CP-ABE scheme with hidden policy (CP-ABE-HP) and proves that the scheme is secure against chosen-plaintext attacks (CPA). CP-ABE-HP both protects the policy and provides flexible access control. Then, considering the characteristics of the cloud computing environment, the paper constructs a new self-contained data protection mechanism based on CP-ABE-HP, which can provide reliable and flexible security control for data in the cloud.
Keywords: ciphertext policy; attribute-based encryption; CP-ABE; access control; hidden policy; self-contained data protection; cloud computing; tree-based access; chosen-plaintext attacks; cloud security; privacy protection; privacy preservation.
International Journal of Cloud Computing, 2015 Vol.4 No.4, pp.279 - 298
Available online: 19 Jan 2016