White-Box Traceable CP-ABE for Cloud Storage Service: How to Catch People Leaking Their Access Credentials Effectively
Issue No. 05 - Sept.-Oct. (2018 vol. 15)
Jianting Ning , Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, China
Zhenfu Cao , East China Normal University, Shanghai, China
Xiaolei Dong , East China Normal University, Shanghai, China
Lifei Wei , Shanghai Ocean University, Shanghai, China
Ciphertext-policy attribute-based encryption (CP-ABE) has been proposed to enable fine-grained access control on encrypted data for cloud storage service. In the context of CP-ABE, since the decryption privilege is shared by multiple users who have the same attributes, it is difficult to identify the original key owner when given an exposed key. This leaves the malicious cloud users a chance to leak their access credentials to outsourced data in clouds for profits without the risk of being caught, which severely damages data security. To address this problem, we add the property of
traceability to the conventional CP-ABE. To catch people leaking their access credentials to outsourced data in clouds for profits effectively, in this paper, we first propose two kinds of non-interactive commitments for traitor tracing. Then we present a fully secure traceable CP-ABE system for cloud storage service from the proposed commitment. Our proposed commitments for traitor tracing may be of independent interest, as they are both pairing-friendly and homomorphic. We also provide extensive experimental results to confirm the feasibility and efficiency of the proposed solution.
Cloud computing, Encryption, Access control, Context, Law
J. Ning, Z. Cao, X. Dong and L. Wei, "White-Box Traceable CP-ABE for Cloud Storage Service: How to Catch People Leaking Their Access Credentials Effectively," in IEEE Transactions on Dependable and Secure Computing, vol. 15, no. 5, pp. 883-897, 2018.