Review
Attribute based encryption in cloud computing: A survey, gap analysis, and future directions

https://doi.org/10.1016/j.jnca.2018.02.009

Highlights

  • Discuss the fundamental concepts of ABE and its variations KPABE and CPABE based on access structure, and multi-authority.

  • Explore more on CPABE with hidden policy, proxy re-encryption, revocation mechanism and HABE.

  • Analyse the various ABE schemes based on functionalities, security, and efficiency to find the open challenges.

  • Identify the suitable applications and future direction of attribute based encryption in cloud computing.

Abstract

Cloud computing makes it possible to store and access data remotely over the internet. However, storing data on an untrusted cloud server leads to privacy and access control issues. Traditional encryption schemes, both symmetric and asymmetric, are not suitable for access control because they lack flexibility and fine-grained access control. One of the prominent cryptographic techniques for providing privacy and fine-grained access control in cloud computing is Attribute Based Encryption (ABE). In this paper, we comprehensively survey the existing key policy and ciphertext policy attribute based encryption schemes based on access structure, as well as multi-authority schemes. Moreover, this review explores ciphertext policy attribute based encryption in more depth, covering hidden policy, proxy re-encryption, revocation mechanisms, and hierarchical attribute based encryption. Further, this paper compares different ABE schemes based on features, security, and efficiency. This paper also identifies the suitability of attribute based encryption for practical applications. Finally, this paper analyzes the different ABE schemes to find the research gaps and challenges that need further investigation.

Introduction

The cloud environment (Lumb et al., 2009; Jadeja and Modi, 2012; Fehling et al., 2014) provides a new dimension for utilizing information technology resources in business. The cloud delivers resources on an on-demand, pay-per-use model, i.e. whenever additional resources are requested, the service is allotted and charged. The cloud delivers a variety of services such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) to cloud users, as shown in Fig. 1. SaaS provides applications to the user, such as webmail, program interfaces, and web browsers. PaaS provides programming languages, libraries, services, tools, etc. IaaS provides infrastructure, such as storage, networks, and other processing and computing resources. There are various deployment models: private, public, community, and hybrid cloud. A private cloud is owned by a single organization, whereas a public cloud is shared by multiple consumers. A community cloud is one that consumers from the same kind of community can join and use. A hybrid cloud is a combination of any two of the above deployment models. Users may choose specific services and a deployment model based on their needs and requirements.

The cloud provides many benefits, such as cost savings on investments, less maintenance, flexibility, lower environmental impact, scalability, and access from anywhere. Even so, businesses and organizations are not moving to the cloud, especially for storing big data, due to security and privacy issues (Takabi et al., 2010; Pasupuleti et al., 2016). Cloud storage (Wu et al., 2010) is mainly used to store and manage data remotely. It allows data to be stored through the internet so that users can access it from anywhere in the world, irrespective of device and location. Cloud storage also helps to store big data for managing, processing, and analyzing, which is quite simple and needs little investment because the cloud supports all the requirements for doing so. However, the problem with cloud storage is data privacy and access control, because storing data in the cloud means it is held by a third-party Cloud Service Provider (CSP) who may not be trusted. The cloud service provider may therefore access or disclose sensitive data, and may share the stored data with unauthorized users for business purposes. Considering the privacy and security of users, the data must be encrypted before it is stored in the cloud. Even when the data is encrypted, it can be accessed by all the users, so data access should be restricted based on each user's access level and rights. Hence, there are two main things to consider while storing data in the cloud: privacy of the big data and user access control (Khan, 2012).

Traditional symmetric and asymmetric key cryptographic techniques are used for encryption. With a symmetric key, the same key is used for both encryption and decryption. With asymmetric keys, the public key is used for encryption and the private key is used for decryption, i.e. different keys are used for encryption and decryption. These encryption techniques provide privacy, but not access control. Attribute Based Encryption (ABE) is a public key cryptographic technique (Kamara and Lauter, 2010) that provides secure data sharing among multiple users and can achieve both privacy and access control. In ABE, data is encrypted using attributes and decrypted using the secret key of a user, which is associated with an access policy. The user can decrypt only when the user's credentials satisfy the access policy, and ABE provides not only fine-grained access control but also revocation, collusion resistance, and scalability. ABE is mainly classified into two types, Key Policy Attribute Based Encryption (KPABE) and Ciphertext Policy Attribute Based Encryption (CPABE). In KPABE, the ciphertext is based on attributes and the users' secret keys are based on access policies, as shown in Fig. 2. In CPABE, the ciphertext is based on access policies and the users' secret keys are based on attributes, as shown in Fig. 3.
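To make the KPABE/CPABE distinction concrete, the following added example (not code from the paper) models only the access-structure part: a secret is split down a threshold policy tree with Shamir secret sharing and can be rebuilt only from an attribute set that satisfies the policy. It is a simplified model with constructed names and sample policy; real ABE schemes carry the shares inside pairing-group elements with per-user randomness so that users cannot pool attributes, which this sketch does not do.

```python
import secrets

P = 2**127 - 1  # prime modulus for the share arithmetic (constructed parameter)

def share(secret, node):
    """Split `secret` down a policy tree. A node is an attribute name (leaf)
    or (k, [children]) meaning "any k of these": AND = n-of-n, OR = 1-of-n."""
    if isinstance(node, str):
        return (node, secret)
    k, children = node
    # Random polynomial of degree k-1 with the secret as constant term.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    def poly(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return (k, [share(poly(x), child) for x, child in enumerate(children, 1)])

def recover(shared, attrs):
    """Rebuild the secret from leaf shares whose attribute is in `attrs`;
    returns None when `attrs` does not satisfy the policy."""
    if isinstance(shared[0], str):
        attr, value = shared
        return value if attr in attrs else None
    k, kids = shared
    pts = [(x, v) for x, kid in enumerate(kids, 1)
           if (v := recover(kid, attrs)) is not None][:k]
    if len(pts) < k:
        return None
    total = 0
    for xj, yj in pts:                      # Lagrange interpolation at x = 0
        num = den = 1
        for xm, _ in pts:
            if xm != xj:
                num, den = num * -xm % P, den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total

def cpabe_model(policy, user_attrs, secret):
    """CPABE: the policy travels with the ciphertext, attributes with the key."""
    ciphertext = share(secret, policy)      # done by the data owner
    return recover(ciphertext, user_attrs)  # attempted by the data user

def kpabe_model(key_policy, ciphertext_attrs, secret):
    """KPABE: the policy is embedded in the user's key, attributes label the data."""
    user_key = share(secret, key_policy)    # done by the authority
    return recover(user_key, ciphertext_attrs)

# Constructed sample policy: doctor AND (cardiology OR emergency)
POLICY = (2, ["doctor", (1, ["cardiology", "emergency"])])
```
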

In this paper, we survey and discuss the different ABE schemes, such as KPABE and CPABE, with respect to access structure, constant ciphertext, and multi-authority. CPABE is then studied in depth with respect to hidden policy, proxy re-encryption, revocation mechanisms, and Hierarchical ABE. Finally, we conclude and provide future directions for ABE research. The taxonomy of the survey is shown in Fig. 4. The major contributions of this paper are as follows:

  • 1) We survey the ABE schemes in cloud computing.

  • 2) We discuss the problems of different KPABE and CPABE schemes.

  • 3) We give the comparison of various ABE schemes based on their advantages, disadvantages, and functionalities.

  • 4) We also provide the security and performance analysis of different ABE schemes.

  • 5) Finally, we provide the applications and future directions for ABE in cloud computing.

The rest of the paper is organized as follows: Section 2 focuses on the basic concepts of ABE with an algorithm, Key policy ABE, Ciphertext policy ABE, multi-authority CPABE, hidden policy CPABE, proxy re-encryption, revocation mechanisms in CPABE, and Hierarchical attribute based encryption. The comparative study of the various ABE schemes is presented in Section 3. The applications of ABE are given in Section 4. Section 5 covers the future directions of ABE research, and the paper is concluded in Section 6.

Section snippets

Attribute based encryption

In this section, we discuss the fundamental concept of ABE and its algorithm. Sahai and Waters (2005) first proposed the concept of ABE, a one-to-many public key cryptographic technique to protect data in the cloud. Here, the encryption of the data is based on a set of attributes. There are three actors involved, namely the Authority, the Data Owner, and the Data User. The Authority generates the public key and sends it to the data owner for encryption, and it also generates the master secret

Comparison

In this section, we compare the various existing ABE schemes in terms of features analysis, security analysis, and performance analysis.

Applications of ABE

In this section, we give the application scenario of different ABE schemes such as KPABE, and CPABE.

In KPABE, the data is encrypted using a set of descriptive attributes and the secret key is associated with an access structure. KPABE is more suitable for applications that require descriptive attributes to encrypt the data, such as the following: 1) In a secure forensic application, the relevant information and evidence is stored with a set of descriptive attributes such as crime id, date, and name of the

Future directions

We analysed the different ABE schemes and research progress. ABE has been a leading research area in the past decade, but there is still scope to investigate it further. The following are some of the possible challenges for further investigation on ABE.

  • 1) CPABE efficiency for big data, mobile, IoT applications: CPABE scheme provides effective access control for big data, mobile and IoT applications in the cloud but the computation requirement of encryption and decryption process is inefficient

Discussion and conclusion

In this paper, we focused on the importance of and requirement for privacy and access control in the cloud environment; ABE is a widely used, prominent cryptographic technique that provides this privacy and fine-grained access control. We comprehensively surveyed the attribute based encryption schemes based on various characteristics and parameters such as access structure, multi-authority, hidden policy in CPABE, proxy re-encryption in CPABE, revocation mechanism in CPABE and HABE. Furthermore,

P. Praveen Kumar received the MTech degree in Computer and Information Technology from Manonmaniam Sundaranar University. He is currently pursuing a PhD at the National Institute of Technology, Tiruchirappalli. His research interests include Cloud Computing, Big Data, and Cryptography. He is a life member of the ISTE.

References (80)

  • M. Chase. Multi-authority attribute based encryption.

  • M. Chase et al. Improving privacy and security in multi-authority attribute-based encryption.

  • J. Chen et al. Efficient decentralized attribute-based access control for cloud storage with user revocation.

  • L. Cheung et al. Provably secure ciphertext policy ABE.

  • S.S.M. Chow. A framework of multi-authority attribute-based encryption with outsourcing and revocation.

  • Cloud Security Alliance. Expanded Top Ten Big Data Security and Privacy Challenges (2013).

  • H. Cui et al. Attribute-based storage supporting secure deduplication of encrypted data in cloud. IEEE Trans. Big Data (2017).

  • C. Delerablee. Identity-based broadcast encryption with constant size ciphertexts and private keys.

  • K. Emura et al. A ciphertext-policy attribute-based encryption scheme with constant ciphertext length. Int. J. Appl. Cryptogr. (2010).

  • C.I. Fan et al. Arbitrary-state attribute based encryption with dynamic membership. IEEE Trans. Comput. (2014).

  • C. Fehling et al. Cloud computing fundamentals.

  • S. Fugkeaw et al. Scalable and secure access control policy update for outsourced big data. Future Generat. Comput. Syst. (2017).

  • V. Goyal et al. Attribute-based encryption for fine-grained access control of encrypted data.

  • V. Goyal et al. Bounded ciphertext policy attribute based encryption.

  • J. Han et al. Privacy-preserving decentralized key-policy attribute-based encryption. IEEE Trans. Parallel Distr. Syst. (2012).

  • H. He et al. Secure, efficient and fine-grained data access control mechanism for P2P storage cloud. IEEE Trans. Cloud Comput. (2014).

  • J. Hur. Improving security and efficiency in attribute-based data sharing. IEEE Trans. Knowl. Data Eng. (2013).

  • J. Hur et al. Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans. Parallel Distr. Syst. (2011).

  • L. Ibraimi et al. Efficient and provable secure ciphertext-policy attribute-based encryption schemes.

  • L. Ibraimi et al. Mediated ciphertext-policy attribute-based encryption and its application.

  • Y. Jadeja et al. Cloud computing-concepts, architecture and challenges.

  • C. Jin et al. Fully secure hidden ciphertext policy attribute-based encryption with short ciphertext size.

  • S. Kamara et al. Cryptographic cloud storage.

  • A.R. Khan. Access control in cloud computing environment. ARPN J. Eng. Appl. Sci. (2012).

  • J. Lai et al. Fully secure cipertext-policy hiding CP-ABE.

  • J. Lai et al. Fully secure key-policy attribute-based encryption with constant-size ciphertexts and fast decryption.

  • A. Lewko et al. Decentralizing attribute-based encryption.

  • A. Lewko et al. Revocation systems with very small private keys.

  • K. Li. Matrix Access Structure Policy Used in Attribute Based Proxy Re-encryption (2013).

  • J. Li et al. Privacy-aware attribute-based encryption with user accountability.

P. Syam Kumar received the MTech degree in Computer Science and Technology from Andhra University and PhD degree in Computer Science from Pondicherry University. He is an Assistant professor in Institute for Development and Research in Banking Technology (IDRBT), Hyderabad. His research interests are in the area of Cloud Computing, Security and Privacy, Cryptography and IoT. He is a member of the IEEE.

P.J.A. Alphonse received the MTech degree in computer science from Indian Institute of Technology, Delhi and the PhD degree in Mathematics & Computer Science from National Institute of Technology, Tiruchirappalli. He is currently working as Associate professor in National Institute of Technology, Tiruchirappalli. His research interests include Graph Theory and its Algorithms, Wireless and Ad hoc Networks, Cryptography and Network Security. He is a life member of the ISTE and ISC.
