A general transformation from KP-ABE to searchable encryption

Users are inclined to share sensitive data in a remote server if no strong security mechanism is in place. Searchable encryption satisfies the need of users to execute a search encrypted data. Previous searchable encryption methods such as “public key encryption with keyword search (PEKS)” restricted the data access to certain users, because only the assigned users were able to search the encrypted data. In this paper we will discuss the relation between Attribute Based Encryption (ABE) and searchable encryption and define a weak anonymity of the ABE scheme, named “attribute privacy”. With this weak anonymity, we propose a general transformation from ABE to Attribute Based Encryption with Keyword Search (ABEKS) and a concrete attribute private key-policy ABE (KP-ABE) scheme. We present an ABEKS scheme based on this KP-ABE scheme and permit multi-users to execute a flexible search on the remote encrypted data.     

Generic user revocation systems for attribute-based encryption in cloud storage

Cloud-based storage is a service model for businesses and individual users that involves paid or free storage resources. This service model enables on-demand storage capacity and management to users anywhere via the Internet. Because most cloud storage is provided by third-party service providers, the trust required for the cloud storage providers and the shared multi-tenant environment present special challenges for data protection and access control. Attribute-based encryption (ABE) not only protects data secrecy, but also has ciphertexts or decryption keys associated with fine-grained access policies that are automatically enforced during the decryption process. This enforcement puts data access under control at each data item level. However, ABE schemes have practical limitations on dynamic user revocation. In this paper, we propose two generic user revocation systems for ABE with user privacy protection, user revocation via ciphertext re-encryption (UR-CRE) and user revocation via cloud storage providers (UR-CSP), which work with any type of ABE scheme to dynamically revoke users.     

A survey of lattice based expressive attribute based encryption

Attribute Based Encryption (ABE) can be employed to enforce fine grained access control over encrypted data. Due to expressiveness, ABE schemes are currently employed in cloud computing and storage systems. The classical ABE schemes based on bilinear pairing are vulnerable to quantum cryptanalysis, whereas ABE schemes from lattices can resist quantum attacks. In this work, we comprehensively survey various kinds of attribute based encryption schemes in the lattice setting in terms of expressiveness, complexity assumptions, efficiency, security and so on. We also discuss attribute based encryption schemes from lattices deserving further research to specify future directions for cryptographers.     

可追踪并撤销叛徒的属性基加密方案

属性基加密(ABE)是一种有效地对加密数据实现细粒度访问控制的密码学体制.在ABE系统中,存在恶意用户(或叛徒)泄露私钥生成盗版解码器,并将其分发给非法用户的问题.现有的解决方案仅能追查到密钥泄漏者的身份,但不能将其从ABE系统中撤销.文中提出了一种既可追踪又可撤销叛徒的属性基加密方案(ABTR).首先,给出一个具有扩展通配符的属性基加密方案(GWABE),基于3个3素数子群判定假设,采用双系统加密方法证明该GWABE方案是完全安全的.然后,利用完全子树构架将GWABE转化成ABTR方案,并证明该ABTR方案是完全安全的,且用户私钥长度是固定的.而此前的可追踪叛徒的ABE方案仅满足选择安全性.     

Cost-effectiveness considerations in the use of computer assisted instruction for adult basic education

What does it cost to provide adult basic education (ABE) with computer assisted instruction (CAI) and how do we know when we are “getting our money's worth” from such technology? This paper examines these issues in the context of data drawn from a community based adult literacy project employing extensive CAI in a Technology for Literacy Center (TLC). The study reported in this paper was undertaken as part of a larger formative and summative evaluation project of TLC. It illustrates an accounting framework for estimating costs in ABE, presents some benchmark cost data for making inter-project comparisons, and offers some preliminary observations on the cost-effectiveness of CAI in both TLC and ABE.     

Revocable attribute-based encryption from standard lattices

Attribute-based encryption (ABE) is an attractive extension of public key encryption, which provides fine-grained and role-based access to encrypted data. In its key-policy flavor, the secret key is associated with an access policy and the ciphertext is marked with a set of attributes. In many practical applications, and in order to address scenarios where users become malicious or their secret keys are compromised, it is necessary to design an efficient revocation mechanism for ABE. However, prior works on revocable key-policy ABE schemes are based on classical number-theoretic assumptions, which are vulnerable to quantum attacks. In this work, we propose the first revocable key-policy ABE scheme that offers an efficient revocation mechanism while maintaining fine-grained access control to encrypted data. Our scheme is based on the learning with errors (LWE) problem, which is widely believed to be quantum-resistant. Our scheme supports polynomial-depth policy function and has short secret keys, where the size of the keys depends only on the depth of the supported policy function. Furthermore, we prove that our scheme satisfies selective revocation list security in the standard model under the LWE assumption.     

多属性授权机构下属性可撤销的CP-ABE方案

属性基加密（ABE）不仅可以保障数据的安全性,而且能实现数据细粒度的访问控制。现实中,由于用户属性可能被频繁更改,在ABE方案中实现属性撤销是至关重要的。针对现有的方案就如何在计算效率资源受限的设备中实现用户有效的解密以及密钥托管问题,本文提出一个在云环境中多属性授权机构下的可撤销的ABE方案。在本文方案中,用户端使用外包解密技术来减少本地的计算负荷,将组合密钥和密文的更新委托云服务器,实现属性的撤销功能。安全性分析表明,本文方案在选择明文攻击下具有不可区分安全性,性能分析结果表明,本文方案更高效。     

A PSO-based model to increase the accuracy of software development effort estimation

Development effort is one of the most important metrics that must be estimated in order to design the plan of a project. The uncertainty and complexity of software projects make the process of effort estimation difficult and ambiguous. Analogy-based estimation (ABE) is the most common method in this area because it is quite straightforward and practical, relying on comparison between new projects and completed projects to estimate the development effort. Despite many advantages, ABE is unable to produce accurate estimates when the importance level of project features is not the same or the relationship among features is difficult to determine. In such situations, efficient feature weighting can be a solution to improve the performance of ABE. This paper proposes a hybrid estimation model based on a combination of a particle swarm optimization (PSO) algorithm and ABE to increase the accuracy of software development effort estimation. This combination leads to accurate identification of projects that are similar, based on optimizing the performance of the similarity function in ABE. A framework is presented in which the appropriate weights are allocated to project features so that the most accurate estimates are achieved. The suggested model is flexible enough to be used in different datasets including categorical and non-categorical project features. Three real data sets are employed to evaluate the proposed model, and the results are compared with other estimation models. The promising results show that a combination of PSO and ABE could significantly improve the performance of existing estimation models.     

面向移动云存储的属性基解密服务中间件

属性基加密（ABE）算法支持对云端数据的细粒度访问控制。针对属性基解密计算复杂度高,难以在资源受限的移动终端上实现的问题,提出并实现了一种面向移动云存储的属性基解密服务中间件。在保证密文信息不被中间件获取的前提下,中间件为移动终端代理属性基解密服务,实现了基于树形结构的线性秘密共享（LSSS）矩阵求解,降低了终端的计算与通信开销,提高了解密速度;属性权威可以在不需要用户参与的条件下,即时、细粒度地撤销用户属性;所有接口均使用Restful服务,保证了通用性。实验结果表明,属性基解密服务中间件提高移动设备解密性能近30倍,具备较好的并发性能,属性撤销具有实用性。     

Revocable,dynamic and decentralized data access control in cloud storage

The Journal of Supercomputing - Attribute-based encryption(ABE) can enable user-centered data sharing in untrusted cloud scenario where users usually lack control on their outsourced data. However,...     

Attribute-based data access control in mobile cloud computing: Taxonomy and open issues

With the thriving growth of the cloud computing, the security and privacy concerns of outsourcing data have been increasing dramatically. However, because of delegating the management of data to an untrusted cloud server in data outsourcing process, the data access control has been recognized as a challenging issue in cloud storage systems. One of the preeminent technologies to control data access in cloud computing is Attribute-based Encryption (ABE) as a cryptographic primitive, which establishes the decryption ability on the basis of a user’s attributes. This paper provides a comprehensive survey on attribute-based access control schemes and compares each scheme’s functionality and characteristic. We also present a thematic taxonomy of attribute-based approaches based on significant parameters, such as access control mode, architecture, revocation mode, revocation method, revocation issue, and revocation controller. The paper reviews the state-of-the-art ABE methods and categorizes them into three main classes, such as centralized, decentralized, and hierarchal, based on their architectures. We also analyzed the different ABE techniques to ascertain the advantages and disadvantages, the significance and requirements, and identifies the research gaps. Finally, the paper presents open issues and challenges for further investigations.     

属性匹配检测的匿名CP-ABE机制

属性基加密（简称ABE）机制以属性为公钥,将密文和用户私钥与属性关联,能够灵活地表示访问控制策略,从而极大地降低数据共享细粒度访问控制带来的网络带宽和发送节点的处理开销.作为和ABE相关的概念,匿名ABE机制进一步隐藏了密文中的属性信息,因为这些属性是敏感的,并且代表了用户身份.匿名ABE方案中,用户因不确定是否满足访问策略而需进行重复解密尝试,造成巨大且不必要的计算开销.文章提出一种支持属性匹配检测的匿名属性基加密机制,用户通过运行属性匹配检测算法判断用户属性集合是否满足密文的访问策略而无需进行解密尝试,且属性匹配检测的计算开销远低于一次解密尝试.结果分析表明,该解决方案能够显著提高匿名属性基加密机制中的解密效率.同时,可证明方案在双线性判定性假设下的安全性.     

Kernel methods for software effort estimation

Analogy based estimation (ABE) generates an effort estimate for a new software project through adaptation of similar past projects (a.k.a. analogies). Majority of ABE methods follow uniform weighting in adaptation procedure. In this research we investigated non-uniform weighting through kernel density estimation. After an extensive experimentation of 19 datasets, 3 evaluation criteria, 5 kernels, 5 bandwidth values and a total of 2090 ABE variants, we found that: (1) non-uniform weighting through kernel methods cannot outperform uniform weighting ABE and (2) kernel type and bandwidth parameters do not produce a definite effect on estimation performance. In summary simple ABE approaches are able to perform better than much more complex approaches. Hence,—provided that similar experimental settings are adopted—we discourage the use of kernel methods as a weighting strategy in ABE.     

Fast leader election in anonymous rings with bounded expected delay

We propose a probabilistic network model, called asynchronous bounded expected delay (ABE), which requires a known bound on the expected message delay. In ABE networks all asynchronous executions are possible, but executions with extremely long delays are less probable. Thus, the ABE model captures asynchrony that occurs in sensor networks and ad-hoc networks.At the example of an election algorithm, we show that the minimal assumptions of ABE networks are sufficient for the development of efficient algorithms. For anonymous, unidirectional ABE rings of known size n we devise a probabilistic election algorithm having average message and time complexity O(n).     

A study of project selection and feature weighting for analogy based software cost estimation

A number of software cost estimation methods have been presented in literature over the past decades. Analogy based estimation (ABE), which is essentially a case based reasoning (CBR) approach, is one of the most popular techniques. In order to improve the performance of ABE, many previous studies proposed effective approaches to optimize the weights of the project features (feature weighting) in its similarity function. However, ABE is still criticized for the low prediction accuracy, the large memory requirement, and the expensive computation cost. To alleviate these drawbacks, in this paper we propose the project selection technique for ABE (PSABE) which reduces the whole project base into a small subset that consist only of representative projects. Moreover, PSABE is combined with the feature weighting to form FWPSABE for a further improvement of ABE. The proposed methods are validated on four datasets (two real-world sets and two artificial sets) and compared with conventional ABE, feature weighted ABE (FWABE), and machine learning methods. The promising results indicate that project selection technique could significantly improve analogy based models for software cost estimation.     

基于属性加密的雾协同云数据共享方案

为解决现有的属性加密数据共享方案粗粒度和开销大等问题,提出一种能保证数据隐私且访问控制灵活的雾协同云数据共享方案(FAC-ABE)。设计属性加密机制,将数据的访问控制策略分为个性化和专业化两种。通过个性化的访问策略,根据用户的经验和偏好,将数据共享给相应的云端。利用雾节点对数据分类,将共享的数据分流,保障数据共享给专业的云服务器。安全分析结果表明,该方案能保障数据机密性,实现更细粒度的访问控制。实验结果表明,用户能将加密开销转移到雾节点上,降低了云端用户开销。     

Securely outsourcing the ciphertext-policy attribute-based encryption

Attribute-based Encryption (ABE) is a new and promising public key encryption that allows fine-grained authorization on data based on user attributes. Such property is favorable for multiple applications that require encrypted storage or access control on data, in particular: eHealth applications. However, ABE schemes are known not to be efficient in the encryption phase because ciphertext size and the time required to encrypt grow with the complexity of the access policy. Such drawback is critical in the context of pervasive computing, for instance, in the Internet of Things, where data producers are usually resource-constrained devices, e.g. smart phones or sensing platforms. In this work, we propose OEABE standing for Outsourcing mechanism for the Encryption of Ciphertext-Policy ABE (CP-ABE). We show how a user can offload expensive operations of CP-ABE encryption to a semi-trusted party in a secure manner. Our proposed mechanism requires only one exponentiation on resource-constrained devices. We provide also an informal security analysis of possible attacks from a semi-honest adversary against the proposed solution. To demonstrate the performance gains of our mechanism, we first conducted a performance estimation on an emulated Wismote sensor platform. Then, we implemented our proposal and did comparison to an existing implementation of CP-ABE on a laptop.     

Complex and flexible data access policy in attribute-based encryption

The Journal of Supercomputing - With the development of cloud computing application, attribute-based encryption (ABE) with flexibly fine-grained data access control is widely adopted. However,...     

Generic attribute revocation systems for attribute-based encryption in cloud storage

Frontiers of Information Technology & Electronic Engineering - Attribute-based encryption (ABE) has been a preferred encryption technology to solve the problems of data protection and access...     

Removing escrow from ciphertext policy attribute-based encryption

Attribute-based encryption (ABE) is a promising cryptographic primitive for fine-grained access control of distributed data. In ciphertext policy attribute-based encryption (CP-ABE), each user is associated with a set of attributes and data are encrypted with access policies on attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the access policy embedded in the ciphertext. However, key escrow is inherent in ABE systems. A curious key generation center in that construction has the power to decrypt every ciphertext. We found that most of the existing ABE schemes depending on a single key authority suffer from the key escrow problem. In this study, we propose a novel CP-ABE key issuing architecture that solves the key escrow problem. The proposed scheme separates the power of issuing user keys into two parties: the key generation center and the attribute authority. In the proposed construction, the key generation center and the attribute authority issue different parts of secret key components to users through a secure two-party computation protocol such that none of them can determine the whole set of keys of users individually. We demonstrate how the proposed key issuing protocol can be applied in the existing CP-ABE scheme and resolve the key escrow problem.