TY - JOUR
T1 - How to implement secure cloud file sharing using optimized attribute-based access control with small policy matrix and minimized cumulative errors
AU - Chen, E.
AU - Zhu, Yan
AU - Zhu, Guizhen
AU - Liang, Kaitai
AU - Feng, Rongquan
PY - 2021
Y1 - 2021
N2 - The stunning growth of Internet users through Cloud File Sharing (CFS) is raising great concerns about unprecedented cloud security and privacy breaches. Also, the recent breakthrough in quantum computing further reinforces this kind of concern; thus we exploit an efficient solution to guarantee personal privacy and resist quantum attacks in the CFS service. In our solution, we integrate the Attribute-based Access Control/eXtensible Access Control Markup Language (ABAC/XACML) model and the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) into the CFS. To improve the performance of CP-ABE, we make use of an optimization method to convert the ABAC/XACML policy into a Small Policy Matrix (SPM). We further prove that this matrix has small coefficients and generates an all-one reconstruction vector, such that it reduces the cumulative error in the lattice cryptosystem to the minimum. By using the SPM, we design a new CP-ABE scheme from Lattice (CP-ABE-L) to prevent the enlargement of error bounds. We also give the optimal estimation of system parameters, which satisfy three lattice-generation conditions to implement a valid Error Proportion Allocation (EPA). Our scheme is proved secure against chosen-plaintext attack with a selective attribute set under the Decision Learning with Errors (DLWE) assumption in the standard model. The performance evaluation and analyses illustrate that our scheme not only has short parameters, but also maintains efficient computation and reasonable storage overloads.
KW - Attribute-Based encryption
KW - Cloud file sharing
KW - Post-Quantum security
KW - Privacy
KW - Security
KW - Small policy matrix
UR - http://www.scopus.com/inward/record.url?scp=85106958933&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2021.102318
DO - 10.1016/j.cose.2021.102318
M3 - Article
AN - SCOPUS:85106958933
SN - 0167-4048
VL - 107
JO - Computers and Security
JF - Computers and Security
M1 - 102318
ER -