Abstract
Cloud file storage systems are the current trend of enterprises and also of individual users. Due to the malicious or unauthorized users, file sharing among the cloud users has become the biggest challenge in the recent times. Attribute-based signcryption (ABSC) is known as the versatile cryptographic primitive which achieves the fine-grained access control over robust cloud storage. ABSC combines attribute-based encryption (ABE) and attribute-based signatures to achieve privacy-oriented confidentiality along with the authenticity. Unfortunately, most of the present ABE and ABSC schemes leverage heavy computational overheads against the key length, the ciphertext size or the expressive access structures used. In this paper, a new ABSC scheme is devised to reduce computational overheads, more particularly, at cloud by introducing the more expressive hypergraph access structure, Attribute HyperGraph. On a positive note, the proposed system outperforms and shows less cloud computational timing without exponentiations unlike Deng et al. (IEEE Access 6:39473–39486, 2018. https://doi.org/10.1109/ACCESS.2018.2843778), Liu et al. (Future Gener Comput Syst 52:67–76, 2015. https://doi.org/10.1016/j.future.2014.10.014) and Li et al. (IEEE Trans Parallel Distrib Syst 25(8):2201–2210, 2014. https://doi.org/10.1109/TPDS.2013.271) schemes. Subsequently, the system does not incur any cryptographic computations associated with designcryption at cloud unlike Deng et al. (2018).
Similar content being viewed by others
References
Sahai A, Waters B (2005) Fuzzy identity-based encryption. In: Advances in Cryptology—EUROCRYPT 2005. Springer, Berlin, pp 457–473. ISBN 978-3-540-32055-5
Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS’06, New York, NY, USA, 2006. ACM, pp 89–98. ISBN 1-59593-518-5. https://doi.org/10.1145/1180405.1180418
Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on Security and Privacy (SP’07), pp. 321–334. https://doi.org/10.1109/sp.2007.11
Chase M (2007) Multi-authority attribute-based encryption. In: Theory of Cryptography. Springer, Berlin, pp 515–534. ISBN 978-3-540-70936-7
Wang G, Liu Q, Wu J, Guo M (2011) Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers. Comput Secur 30(5):320–331. https://doi.org/10.1016/j.cose.2011.05.006
Attrapadung N, Imai H (2009) Conjunctive broadcast and attribute-based encryption. In: Shacham H, Waters B (eds) Pairing-Based Cryptography—Pairing 2009. Springer, Berlin, pp 248–265. ISBN 978-3-642-03298-1
Pandit T, Pandey SK, Barua R (2014) Attribute-based signcryption: signer privacy, strong unforgeability and IND-CCA2 security in adaptive-predicates attack. In: Chow SSM, Liu JK, Hui LCK, Yiu SM (eds) Provable Security. Springer International Publishing, Cham, pp 274–290. ISBN 978-3-319-12475-9
Liu Z, Cao Z, Wong DS (2013) White-box traceable ciphertext-policy attribute-based encryption supporting any monotone access structures. IEEE Trans Inf Forensics Secur 8(1):76–88. https://doi.org/10.1109/TIFS.2012.2223683
Zhang Y, Zheng D (2017) Anonymous attribute-based encryption with large universe and threshold access structures. In: 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC), vol 1, pp 870–874. https://doi.org/10.1109/cse-euc.2017.175
Wolf MM, Klinvex AM, Dunlavy DM (2016). Advantages to modeling relational data using hypergraphs versus graphs. In 2016 IEEE High Performance Extreme Computing Conference (HPEC), pp 1–7. https://doi.org/10.1109/hpec.2016.7761624
Deng F, Wang Y, Peng L, **ong H, Geng J, Qin Z (2018) Ciphertext-policy attribute-based signcryption with verifiable outsourced designcryption for sharing personal health records. IEEE Access 6:39473–39486. https://doi.org/10.1109/ACCESS.2018.2843778
Xu Q, Tan C, Fan Z, Zhu W, **ao Y, Cheng F (2018) Secure multi-authority data access control scheme in cloud storage system based on attribute-based signcryption. IEEE Access 6:34051–34074. https://doi.org/10.1109/ACCESS.2018.2844829
Xue K, Chen W, Li W, Hong J, Hong P (2018) Combining data owner-side and cloud-side access control for encrypted cloud storage. IEEE Trans Inf Forensics Secur 13(8):2062–2074. https://doi.org/10.1109/TIFS.2018.2809679
Agrawal S, Chase M (2017) FAME: fast attribute-based message encryption. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS’17. ACM, pp 665–682. ISBN 978-1-4503-4946-8. https://doi.org/10.1145/3133956.3134014
Lee C-C, Chung P-S, Hwang M-S (2013) A survey on attribute-based encryption schemes of access control in cloud environments. Int J Netw Secur 15(4):231–240. https://doi.org/10.6633/IJNS.201307.15(4).01
Liu Z, Liu Y, Fan Y (2018) Searchable attribute-based signcryption scheme for electronic personal health record. IEEE Access 6:76381–76394. https://doi.org/10.1109/ACCESS.2018.2878527
Debnath S, Nunsanga MVL, Bhuyan B (2019) Study and scope of signcryption for cloud data access control. In: Advances in computer, communication and control. Springer Singapore, pp 113–126. ISBN 978-981-13-3122-0
Ruj S (2014) Attribute based access control in clouds: a survey. In: 2014 International Conference on Signal Processing and Communications (SPCOM), pp 1–6. https://doi.org/10.1109/spcom.2014.6983992
Li Q, Zhu H (2017) Multi-authority attribute-based access control scheme in mhealth cloud with unbounded attribute universe and decryption outsourcing. In: 2017 9th International Conference on Wireless Communications and Signal Processing (WCSP), pp 1–7. https://doi.org/10.1109/wcsp.2017.8171106
Yundong F, ** W, Jiasheng W (2017) Multi-authority attribute-based encryption access control scheme with hidden policy and constant length ciphertext for cloud storage. In: 2017 IEEE Second International Conference on Data Science in Cyberspace (DSC), pp 205–212. https://doi.org/10.1109/dsc.2017.10
Yang K, Jia X (2012) Attributed-based access control for multi-authority systems in cloud storage. In: 2012 IEEE 32nd International Conference on Distributed Computing Systems, pp 536–545. https://doi.org/10.1109/icdcs.2012.42
Sreenivasa Rao Y (2017) A secure and efficient ciphertext-policy attribute-based signcryption for personal health records sharing in cloud computing. Future Gener Comput Syst 67:133–151. https://doi.org/10.1016/j.future.2016.07.019
He K, Guo J, Weng J, Weng J, Liu JK, Yi X (2018) Attribute-based hybrid Boolean keyword search over outsourced encrypted data. IEEE Trans Dependable Secure Comput. https://doi.org/10.1109/TDSC.2018.2864186
Nikam R, Potey M (2016) Cloud storage security using multi-factor authentication. In: 2016 International Conference on Recent Advances and Innovations in Engineering (ICRAIE), pp 1–7. https://doi.org/10.1109/icraie.2016.7939528
Jemel M, Serhrouchni A (2017) Decentralized access control mechanism with temporal dimension based on blockchain. In: 2017 IEEE 14th International Conference on e-Business Engineering (ICEBE), pp 177–182. https://doi.org/10.1109/icebe.2017.35
Zhou D, Huang J, Schölkopf B (2006) Learning with hypergraphs: clustering, classification, and embedding. In: Proceedings of the 19th International Conference on Neural Information Processing Systems, NIPS’06, pp 1601–1608. MIT Press, Cambridge. http://dl.acm.org/citation.cfm?id=2976456.2976657
Rich. Human resources data set (Version 3) - Version 13 of dataset. https://www.kaggle.com/rhuebner/human-resources-data-set
Bethencourt J, Sahai A, Waters B (2011) Advanced crypto software collection: the cpabe toolkit. http://acsc.cs.utexas.edu/cpabe. Accessed 24 Mar 2011
PKCS1-PSS sign method. https://www.dlitz.net/software/pycrypto/api/current/Crypto.Signature.PKCS1_PSS-module.html. Accessed 24 Mar 2012
Liu J, Huang X, Liu JK (2015) Secure sharing of personal health records in cloud computing: ciphertext-policy attribute-based signcryption. Future Gener Comput Syst 52:67–76. https://doi.org/10.1016/j.future.2014.10.014(Special Section: Cloud Computing: Security, Privacy and Practice)
Li J, Huang X, Li J, Chen X, **ang Y (2014) Securely outsourcing attribute-based encryption with checkability. IEEE Trans Parallel Distrib Syst 25(8):2201–2210. https://doi.org/10.1109/TPDS.2013.271
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendices
Appendix
1.1 Security algorithmic phases of AHG-CPABSC scheme
This appendix section is dedicated to list our security algorithms. Security proof is not within the scope of this paper and will be extended as the future work.
Signature used in the proposed system
The signature used by the system follows Rivest–Shamir–Adleman (RSA) implementation public key cryptography standards (PKCS 1) [29]. The system generates the public key and private key as given follows:
-
1.
Two random prime numbers (namely \( p \) and \( q \)) are selected
-
2.
\( \lambda (n) \) is calculated as \( \lambda (n) = {\text{lcm}}(p - 1,q - 1) \), where \( \lambda \) is Carmichael’s quotient function, \( n = pq \) and \( {\text{lcm}} \) is least common multiple
-
3.
An integer \( e \) is chosen such that \( 1 < e < \lambda (n) \) and \( \gcd (e,\lambda (n)) = 1 \), where \( { \gcd } \) is the greater common divisor
-
4.
An integer \( s \) is computed such that \( se \equiv 1 \;\bmod \;\lambda (n) \)
Public key \( \upsilon = (e,n) \)
Private key \( r = (d,n) \)
The steps for signing the data are as follows:
-
1.
The hash of the plaintext is calculated using SHA256 algorithm
-
2.
The hash \( h \) is encrypted using the RSA private key of the signer (sender) to obtain the signature. \( S = h^{d} \;\bmod \; n \)
The steps for verifying the data are as follows:
-
1.
The hash \( h^{\prime } \) of the plaintext is calculated using SHA256 algorithm
-
2.
The hash h is obtained by decrypting the signature S using RSA public key of the signer (sender). \( h = S^{e} \;\bmod \;n \)
-
3.
The signature is verified if \( h \) and \( h^{\prime } \) are equal.
Rights and permissions
About this article
Cite this article
Mythili, R., Venkataraman, R. & Sai Raj, T. An attribute-based lightweight cloud data access control using hypergraph structure. J Supercomput 76, 6040–6064 (2020). https://doi.org/10.1007/s11227-019-03119-7
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-019-03119-7