
How to implement secure cloud file sharing using optimized attribute-based access control with small policy matrix and minimized cumulative errors

Bibliographic Details
Published in: Computers & security 2021-08, Vol.107, p.102318, Article 102318
Main Authors: Chen, E, Zhu, Yan, Zhu, Guizhen, Liang, Kaitai, Feng, Rongquan
Format: Article
Language: English
Description
Summary:
• Design a new framework of Cloud File Sharing (CFS) by integrating the ABAC/XACML model and the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) together.
• Construct a Small Policy Matrix (SPM) from access control policy which helps ensure compliance with the data’s security requirements for privacy-preserving cloud storage.
• Present a construction approach of SPM that has an advantage to generate an all-one reconstruction vector, this means that the cumulative error in the lattice cryptosystem with SPM can be reduced to the minimum, so as to improve the computation and storage performance of CP-ABE-L scheme.
• Give the optimal estimation of system parameters to implement a valid Error Proportion Allocation (EPA).
• The performance analyses illustrate that our CP-ABE-L scheme with short size of parameters is able to maintain efficient computation and reasonable storage overloads.

The stunning growth of Internet users through Cloud File Sharing (CFS) is raising great concerns about unprecedented cloud security and privacy breach. Also, the recent breakthrough in quantum computing further reinforces this kind of concerns, thus we exploit an efficient solution to guarantee personal privacy and resist quantum attacks in the CFS service. In our solution, we integrate the Attribute-based Access Control/eXtensible Access Control Markup Language (ABAC/XACML) model and the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) into the CFS. To improve the performance of CP-ABE, we make use of an optimization method to convert the ABAC/XACML policy into a Small Policy Matrix (SPM). We further prove that this matrix has small coefficients and generates an all-one reconstruction vector, such that it reduces the cumulative error in lattice cryptosystem to the minimum. By using the SPM, we design a new CP-ABE scheme from Lattice (CP-ABE-L) to prevent the enlargement of error bounds. We also give the optimal estimation of system parameters, which satisfy three lattice-generation conditions to implement a valid Error Proportion Allocation (EPA). Our scheme is proved secure against chosen-plaintext attack with a selective attribute set under the Decision Learning with Errors (DLWE) assumption in the standard model. The performance evaluation and analyses illustrate that our scheme not only has short parameters, but also maintains efficient computation and reasonable storage overloads.
ISSN: 0167-4048, 1872-6208
DOI: 10.1016/j.cose.2021.102318