HUAP: Practical Attribute-based Access Control Supporting Hidden Updatable Access Policies for Resource-Constrained Devices. (arXiv:2107.10133v1 [cs.CR])

Attribute-based encryption (ABE) is a promising cryptographic mechanism for
providing confidentiality and fine-grained access control in the cloud-based
area. However, due to high computational overhead, common ABE schemes are not
suitable for resource-constrained devices. Moreover, data owners should be able
to update their defined access policies efficiently, and in some cases,
applying hidden access policies is required to preserve the privacy of clients
and data. In this paper, we propose a ciphertext-policy attribute-based access
control scheme which for the first time provides online/offline encryption,
hidden access policy, and access policy update simultaneously. In our scheme,
resource-constrained devices are equipped with online/offline encryption
reducing the encryption overhead significantly. Furthermore, attributes of
access policies are hidden such that the attribute sets satisfying an access
policy cannot be guessed by other parties. Moreover, data owners can update
their defined access policies while outsourcing a major part of the updating
process to the cloud service provider. In particular, we introduce blind access
policies that enable the cloud service provider to update the data owners’
access policies without receiving a new re-encryption key. Besides, our scheme
supports fast decryption such that the decryption algorithm consists of a
constant number of bilinear pairing operations. The proposed scheme is proven
to be secure in the random oracle model and under the hardness of Decisional
Bilinear Diffie-Hellman (DBDH) and Decision Linear (D-Linear) assumptions.
Also, performance analysis results demonstrate that the proposed scheme is
efficient and practical.