Research Article: Improving the proof of “Privacy-preserving attribute-keyword based data publish-subscribe service on cloud platforms”

Date Published: February 25, 2019

Publisher: Public Library of Science

Author(s): Shangping Wang, Qian Zhang, Yaling Zhang, Jin Sun, Juanjuan Chen, Xiaoqing Sun, Mehmet Hadi Gunes.


Most recently, Kan Yang et al. proposed an attribute-keyword based encryption scheme for data publish-subscribe service (AKPS), which is highly useful for cloud storage scenarios. Unfortunately, we discover that there is a flaw in the security proof of indistinguishability of the tag and trapdoor against chosen keyword attack under the Bilinear Diffie-Hellman (BDH) assumption. As the security proof is a key component of a cryptographic scheme, we improve the proof method and, based on the Decisional Diffie-Hellman (DDH) assumption, give a new security proof of the AKPS scheme for indistinguishability of the tag and trapdoor, which is more rigorous than the original one. Furthermore, we also demonstrate that the AKPS scheme is secure against data Replayable Chosen Ciphertext Attack (RCCA).

Partial Text

A data publish-subscribe system [1, 2] is an appropriate mode for data users to receive the data they are interested in. Cloud servers, owing to their considerable storage and computation resources, have proven to be the most applicable platform for this service [3–5].

(1) We show that the security proof of the AKPS scheme [1] is not sufficiently rigorous and adequate, and we give a detailed analysis of it in section IV.

In this section, we present the mathematical and cryptographic basics required by the scheme, including the deterministic assumptions used in the proof, the system model of the AKPS scheme and the security definition of the AKPS scheme.

We briefly review the AKPS scheme below, which mainly contains five phases: System initialization, Trapdoor generation, Data publication, Policy checking and Pre-decryption, and Data decryption. For a detailed introduction to the scheme, please refer to [1].

In this section, we give a detailed analysis of the security proof of the AKPS scheme [1] and point out the flaw in that proof. To make this clearer, we name the theorems in the AKPS scheme Theorem 1, Theorem 2 and Theorem 3, and name the theorems of our security proof in section V Theorem 1′, Theorem 2′ and Theorem 3′.

In this section, we give our new security proof of the AKPS scheme for the security of the trapdoor and tag. In addition, we give a new security proof of the Data-RCCA security of the AKPS scheme.

We analyze the security proof of the AKPS scheme [1] for indistinguishability of tag and trapdoor and show that it is not rigorous and adequate, although the construction of the AKPS scheme is remarkable. Based on this, we give an improved security proof of the AKPS scheme for its Tag-IND-CKA security and Td-IND-CKA security under the DDH assumption. Furthermore, using the conclusion that the Waters scheme in [6] is selectively CPA-secure, we show that the AKPS scheme is secure against replayable chosen ciphertext attack (RCCA) on the data, a higher level of security than the Data-CPA indistinguishability of the original AKPS scheme, which was mentioned there but not demonstrated. Moreover, a number of issues remain to be studied and solved for attribute-keyword based data publish-subscribe schemes on cloud platforms. Firstly, a new AKPS scheme should be designed to cope with a subscription policy in which the words of interest are misspelled; for example, ‘compute’ may be spelled as ‘compote’ or ‘compue’. Secondly, for situations where the subscriber’s attributes change, such as revocation, update or addition, how to design efficient attribute revocation and update algorithms that realize dynamic management of attributes while protecting the forward and backward security of the scheme is a promising research topic. Thirdly, in a publish-subscribe system, how to add the concept of time to the access policy to prevent illegal data access in the case where a private key is leaked. These three aspects will be the focus of our future work.
