Reliable Policy Updating Under Efficient Policy Hidden Fine-Grained Access Control Framework for Cloud Data Sharing

Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is one of the potent encryption paradigms in protecting data confidentiality in the cloud data sharing scenario. However, the access policy of the traditional CP-ABE is in plaintext form that reveals significant sensitive information of data owners and data visitors. To mitigate this problem, two approaches have been proposed in the literature. One is partially hidden, where the attributes in the access policy are divided into two parts: the plaintext attribute names and the hidden attribute values. The other approach fully hides the attributes in the access policy which, unfortunately, hinders efficient and correct decryption as well as dynamic policy-updating. In this article, we design a security-enhanced Attribute Cuckoo Filter (se-ACF) to hide the access policy and propose a new CP-ABE system, called Privacy-Preserving Policy Updating ABE (3PU-ABE), which effectively integrates policy hiding and policy updating. We conduct rigorous security analysis and performance evaluation of 3PU-ABE. The results indicate that 3PU-ABE completely hides the access policy without affecting the decryption, and entails better policy updating efficiency than similar works.

Automated summary

Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a powerful encryption paradigm for data confidentiality in cloud data sharing. However, the access policy in traditional CP-ABE reveals sensitive information. To address this, this article proposes a novel CP-ABE system called Privacy-Preserving Policy Updating ABE (3PU-ABE), which utilizes a security-enhanced Attribute Cuckoo Filter (se-ACF) to hide the access policy and enable policy updating.