1. Field of the Invention
The present invention relates generally to encryption. More particularly, it relates to Ciphertext Policy Attribute Based Encryption (CP-ABE).
2. Description of Related Art
Data access control has been an increasing concern in the cloud environment where cloud users can compute, store and share their data. Cloud computing provides a scalable, location-independent and high-performance solution by delegating computation tasks and storage into the resource-rich clouds. This overcomes the resource limitation of users with respect to data storage, data sharing and computation; especially when it comes to mobile devices considering their limitations of processing hardware, storage space, and battery life. However, in reality, the cloud is usually not fully trusted by data owners; moreover, the cloud service providers may be tempted to peek at users' sensitive data and produce trapdoors in computation for commercial interests. To enforce secure data access control on untrusted cloud servers, traditional methods (e.g., AES) encrypt data before storing it in the cloud, but they incur high key-management overhead to provide dynamic group-based access control and significantly increases the system complexity.
Ciphertext-Policy Attribute-Based Encryption (CP-ABE) has been proposed to provide a fine-grained access control for dynamic group formation in cloud-based data storage solutions. It enables the data owners to create access policies by designating attribute constraints and embedding the data access policies into the ciphertext, such that any data user has to satisfy the corresponding attributes to access the data. CP-ABE is designed to handle descriptive attributes, and it needs to convert comparative attributes into a bit-wise monotone access tree structure to enforce expressive access control of encrypted data. New methods for outsourcing decryption of ABE ciphertexts with significantly reduced decryption cost were devised, but their encryption cost grows with the number of involved attributes, and bitwise comparison has to be adopted for comparison.
Generally speaking, most existing CP-ABE schemes suffer several drawbacks. One drawback is that they require intensive computation to set up an access tree structure and perform subsequent encryption or decryption conforming to the tree structure. Hence, they are unsuitable for computation-constrained mobile devices.
Another drawback is that most existing CP-ABE schemes perform cryptographic comparison operations (such as ≦ and ≧) by following a series of bit-wise equal matching (e.g., 10*11*01) in a hierarchical tree structure, which involves a substantial amount of computational cost.
Another drawback is that most existing CP-ABE schemes do not support effective range comparisons (e.g., 2≦hours≦4,3≦level≦5). In fact, an attribute could have a collection of possible values in a sequential partial order. In other words, certain attributes may take the form of range values. For example, a healthy adult's resting heart rate may range from 60 to 100 beats per minute. Another example is that New York State residents with the income from $8,001 to $11,000 may be subject to 4.5% tax rates.
Additionally, most existing ABE schemes rely on bitwise-comparison operators with AND/OR gates and they cannot effectively support dual comparative expressions. Besides, the computational cost they bring overwhelms resource-limited mobile devices. One existing ABE scheme introduced an integer comparison mechanism to fine-grained access control based on attribute range. The same scheme is used to apply temporal access control and role-based control. However, the encryption cost involved is still too heavy for resource-constrained data owners, and the size of users' private keys and ciphertext overhead grows linearly with the number of attributes. Moreover, it has not considered negative attributes and wildcards.
Additionally, multi-authority ABE starts to attract attention as multiple attributes authorities are required to operate independently in many application scenarios. One existing multi-authority ABE requires a central trusted party to issue the key to every user. An improved version removes the central authority, and requires all the attribute authorities to cooperate in the access control. Other multi-authority ABE schemes require a centralized authority to create the master key and accordingly generate keys to each user. Multi-authority ABE schemes have been developed in which no preset access structure exists and the key generation authorities can work independently from each other. In the meantime, the privacy of access policy is a concern in attribute-based encryption. Certain multi-authority ABE schemes have been proposed to ensure the recipient gets no information of the policy if the decryption fails after a complete computation-intensive process with a central authority.