Efficient Attribute-Based Comparable Data Access Control

With the proliferation of mobile devices in recent years, there is a growing concern regarding secure data storage, secure computation, and fine-grained access control in data sharing for these resource-constrained devices in a cloud computing environment. In this work, we propose a new efficient framework named Constant-size Ciphertext Policy Comparative Attribute-Based Encryption (CCP-CABE) with the support of negative attributes and wildcards. It embeds the comparable attribute ranges of all the attributes into the user’s key, and incorporates the attribute constraints of all the attributes into one piece of ciphertext during the encryption process to enforce flexible access control policies with various range relationships. Accordingly, CCP-CABE achieves the efficiency because it generates constant-size keys and ciphertext regardless of the number of involved attributes, and it also keeps the computation cost constant on lightweight mobile devices. We further discuss how to extend CCP-CABE to fit a scenario with multiple attribute domains, such that the decryption proceeds from the least privileged attribute domain to the most privileged one to help protect the privacy of the access policy. We provide security analysis and performance evaluation to demonstrate their efficiency at the end.