In cloud storage, selectively sharing encrypted data is becoming increasingly important. One key design challenge is the management of encryption keys. Traditionally, a large quantity of encryption keys have to be managed by the data owner, and an equally large number of keyword trapdoors must be sent to the cloud for the purpose of searching over the shared data, which are cumbersome in terms of secure communication and management. Recently, key-aggregate (searchable) encryption schemes have been introduced to alleviate the problem. However, they were only designed under the Bilinear Diffie-Hellman Exponent assumption in the prior works. Lattice-based key-aggregate (searchable) encryption schemes are valuable, because they have security against quantum computing attacks, average-case to worse-case equivalence as well as simplicity and potential efficiency. Here we propose a key-aggregate encryption scheme and a key-aggregate searchable encryption scheme which are both based on a lattice problem (i.e., the Learning with Errors problem). Some key techniques are employed during the construction of the schemes. A basis delegation algorithm is designed to generate the aggregate key without increasing the lattice dimension. The encryption algorithms of the two schemes are trickily devised to make the encrypted files decryptable or searchable. To overcome the problem of general matrix multiplication failing to satisfy commutative law, a hash function is designed by using diagonalizable matrices to make the encrypted file decryptable and the trapdoor adjustable. We present the schemes' correctness proof, formal security analysis as well as performance analysis, which confirm that they are provably secure and practically efficient. To the best of our knowledge, the former is the first lattice-based key-aggregate encryption scheme and the latter is the first lattice-based key-aggregate searchable encryption scheme. We also demonstrate their application to cloud storage for searchable group data sharing by combining the two schemes. INDEX TERMS Cloud storage, searchable data sharing, key-aggregate encryption, key-aggregate searchable encryption, lattice-based problem, the learning with errors problem.
Trust Management(TM) aims to provide effective access control in open systems. It enables the resource owners to reason and determine the access permissions on the basis of a collection of distributed authorization knowledge about the requester. However, to be efficient, most current TM approaches are based on DATALOG which can't directly express the connotation of TM authorization policies. Thus these policies are hard to be understood and maintained by human beings. In this paper, we propose a new approach called OT based on the ontology language OWL 2 EL. OT supports the connotation expressible policies and remains efficient since its procedure of compliance checking is provable to be tractable. this paper is supported by grants from 863 High-tech Research and Development Program of China ( 2007AA1204040 and 2007AA1204050).
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.