Attribute-based Encryption for Cloud Computing Access Control

Zhang, Yinghui; Deng, Robert H.; Xu, Shengmin; Sun, Jianfei; Li, Qi; Zheng, Dong

doi:10.1145/3398036

Cited by 93 publications

(53 citation statements)

References 110 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ABE has been shown to have applications in many areas, e.g., electronic health-record (EHR) systems [13] and searchable encryption [14], [15]. However, in public cloud storage, CP-ABE is more practical [16]. Although a variety of protocols [17], [18] have been designed for cloud access control using CP-ABE, many other challenges still exist.…”

Section: Related Workmentioning

confidence: 99%

A Practical and Efficient Bidirectional Access Control Scheme for Cloud-Edge Data Sharing

Cui

Zhong

et al. 2022

IEEE Trans. Parallel Distrib. Syst.

View full text Add to dashboard Cite

The cloud computing paradigm provides numerous tempting advantages, enabling users to store and share their data conveniently. However, users are naturally resistant to directly outsourcing their data to the cloud since the data often contain sensitive information. Although several fine-grained access control schemes for cloud-data sharing have been proposed, most of them focus on the access control of the encrypted data (e.g., restricting the decryption capabilities of the receivers). Distinct from the existing work, this paper aims to address this challenging problem by developing a more practical bidirectional fine-grained access control scheme that can restrict the capabilities of both senders and receivers. To this end, we systematically investigate the access control for cloud data sharing. Inspired by the access control encryption (ACE), we propose a novel data sharing framework that combines the cloud side and the edge side. The edge server is located in the middle of all the communications, checking and preventing illegal communications according to the predefined access policy. Next, we develop an efficient access control algorithm by exploiting the attribute-based encryption and proxy re-encryption for the proposed framework. The experimental results show that our scheme exhibits superior performance in the encryption and decryption compared to the prior work.

show abstract

Section: Related Workmentioning

confidence: 99%

A Practical and Efficient Bidirectional Access Control Scheme for Cloud-Edge Data Sharing

Cui

Zhong

et al. 2022

IEEE Trans. Parallel Distrib. Syst.

View full text Add to dashboard Cite

show abstract

“…For providing privacy‐aware aggregate authentication, an anonymous certificate‐less aggregate signature scheme 30 was studied. Further, the security services can provide secure communication channels against external attackers, trust management, and privacy issues delt in Zhang et al 31 For further details, one can refer to previous works 28,29,32 …”

Section: Background Knowledgementioning

confidence: 99%

Blockchain‐based patient centric health care communication system

Naresh¹,

Reddi²,

Allavarpu

2021

Int J Communication

View full text Add to dashboard Cite

Summary The rapid increase in health care data breaches with the existing centralized systems emphasizes a decentralized health care system while ensuring reliability, privacy, security, and trust. Further, to ensure trust in the medical community, scientist, and pharmaceutical, it is essential to improve the quality of health care data management. In this direction, we proposed a blockchain‐based decentralized privacy‐preserving EMR management (DPEM), which can ensure accountability and integrity. We propose a four‐layered framework for DPEM consisting of a data preparation layer, access control and security layer, data sharing layer, and data storage layer with the objectives: (i) To provide privacy‐preserving in DPEM, we propose a new elliptic curve‐based content extraction signature (EC‐CES) through which patients can exclude EMR's sensitive information to eradicate leakage of privacy information in the data sharing process. (ii) To provide secure data sharing, blockchain smart contracts are used to define the predefined access permissions of the patients. (iii) To provide secure storage, we use a cloud facility to store actual EMRs, and consortium blockchain is used to store respective indexes of EMRs so that the data leakages of EMRs could be optimized and simultaneously, indexes in consortium blockchain will take care the integrity of EMRs. (iv) To provide access control in data sharing, we adopted ciphertext‐policy attribute‐based encryption (CP‐ABE) access control policy to empower the owners of data to secure the cloud storage and give access to authorized users through the encrypted link to the cloud storage with access control policies blinded. Finally, the security analysis demonstrates that DPEM is an optimized way of achieving EMRs secure data sharing.

show abstract

“…The authors [29] have effectively demonstrated the significance of ABE for resource-constrained IoT devices. Some other enhanced CP-ABE schemes [30] with variant features include attribute based proxy re-encryption [7,31], accountable CP-ABE [32], online/offline CP-ABE [5,7] and outsourced CP-ABE [33].…”

Section: Related Workmentioning

confidence: 99%

Granular Data Access Control with a Patient-Centric Policy Update for Healthcare

Khan

Tahir

et al. 2021

Sensors

View full text Add to dashboard Cite

Healthcare is a multi-actor environment that requires independent actors to have a different view of the same data, hence leading to different access rights. Ciphertext Policy-Attribute-based Encryption (CP-ABE) provides a one-to-many access control mechanism by defining an attribute’s policy over ciphertext. Although, all users satisfying the policy are given access to the same data, this limits its usage in the provision of hierarchical access control and in situations where different users/actors need to have granular access of the data. Moreover, most of the existing CP-ABE schemes either provide static access control or in certain cases the policy update is computationally intensive involving all non-revoked users to actively participate. Aiming to tackle both the challenges, this paper proposes a patient-centric multi message CP-ABE scheme with efficient policy update. Firstly, a general overview of the system architecture implementing the proposed access control mechanism is presented. Thereafter, for enforcing access control a concrete cryptographic construction is proposed and implemented/tested over the physiological data gathered from a healthcare sensor: shimmer sensor. The experiment results reveal that the proposed construction has constant computational cost in both encryption and decryption operations and generates constant size ciphertext for both the original policy and its update parameters. Moreover, the scheme is proven to be selectively secure in the random oracle model under the q-Bilinear Diffie Hellman Exponent (q-BDHE) assumption. Performance analysis of the scheme depicts promising results for practical real-world healthcare applications.

show abstract

Attribute-based Encryption for Cloud Computing Access Control

Cited by 93 publications

References 110 publications

A Practical and Efficient Bidirectional Access Control Scheme for Cloud-Edge Data Sharing

A Practical and Efficient Bidirectional Access Control Scheme for Cloud-Edge Data Sharing

Blockchain‐based patient centric health care communication system

Granular Data Access Control with a Patient-Centric Policy Update for Healthcare

Contact Info

Product

Resources

About