Enhanced Dual-Policy Attribute-Based Encryption for Secure Data Sharing in the Cloud

As a promising service paradigm, cloud computing has attracted lots of enterprises and individuals to outsource big data to public cloud. To facilitate secure data using and sharing, dual-policy attribute-based encryption (DP-ABE) is a suitable solution. It allows two access control mechanisms over encrypted data at the same time: one involves access policies over subjective attributes ascribed to user credentials, and the other involves policies over objective attributes ascribed to data. In this work, we are exploring methods to make DP-ABE more flexible, more efficient, and more secure for deployments in cloud scenes. Our proposal features the following achievements simultaneously: (1) beyond the access control mechanisms of DP-ABE, it also supports two flexible features called encryption and key generation in single-policy modes; (2) most operations of key generation, encryption, and decryption are securely outsourced to cloud servers, leaving extremely low overheads for the PKG, data owners, and users; and (3) it realizes the strongest security notion of public-key encryption schemes, namely, CCA security. We formalize the security definition and formally prove its security in the random oracle model. Moreover, we implement the proposed schemes using the Charm framework. The experiment results demonstrate that our schemes are efficient and practical.