How to implement secure cloud file sharing using optimized attribute-based access control with small policy matrix and minimized cumulative errors

摘要

The stunning growth of Internet users through Cloud File Sharing (CFS) is raising great concerns about unprecedented cloud security and privacy breach. Also, the recent breakthrough in quantum computing further reinforces this kind of concerns, thus we exploit an efficient solution to guarantee personal privacy and resist quantum attacks in the CFS service. In our solution, we integrate the Attribute-based Access Control/eXtensible Access Control Markup Language (ABAC/XACML) model and the Ciphertext-Policy Attribute-Based Encryption (CP-ABE) into the CFS. To improve the performance of CP-ABE, we make use of an optimization method to convert the ABAC/XACML policy into a Small Policy Matrix (SPM). We further prove that this matrix has small coefficients and generates an all-one reconstruction vector, such that it reduces the cumulative error in lattice cryptosystem to the minimum. By using the SPM, we design a new CP-ABE scheme from Lattice (CP-ABE-L) to prevent the enlargement of error bounds. We also give the optimal estimation of system parameters, which satisfy three lattice-generation conditions to implement a valid Error Proportion Allocation (EPA). Our scheme is proved secure against chosen-plaintext attack with a selective attribute set under the Decision Learning with Errors (DLWE) assumption in the standard model. The performance evaluation and analyses illustrate that our scheme not only has short parameters, but also maintains efficient computation and reasonable storage overloads.