An Efficient and Expressive Fully Policy-Hidden Ciphertext-Policy Attribute-Based Encryption Scheme for Satellite Service Systems

Satellite service systems transfer data from satellite providers to the big data industry, which includes data traders and data analytics companies. This system needs to provide access to numerous users whose specific identities are unknown. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) allows unidentified users with the proper attributes to decrypt data, providing fine-grained access control of data. However, traditional CP-ABE does not protect access policies. Access policies are uploaded to the cloud, stored, and downloaded in plain text, making them vulnerable to privacy breaches. When the access policy is completely hidden, users need to use their own attributes to try matching one by one, which is an inefficient process. In order to efficiently hide the access policy fully, this paper introduces a new efficient and expressive Fully Policy-Hidden Ciphertext-Policy Attribute-Based Encryption scheme (CP-ABE-FPH), which integrates the 2-way handshake O-PSI method with the ROBDD method. The integration offers advantages: (1) High efficiency and high expressiveness. The access policy using ROBDD is highly expressive but computationally intensive due to its recursive nature. This shortcoming is overcome in CP-ABE-FPH using the proposed O-PSI method, and the access policy is matched quickly and secretly. (2) High flexibility. The decryption process does not require the owner or the Key Generation Center (KGC) to be online, and system attributes can be added at any time. Security analysis shows that the access policy is fully hidden. Efficiency analysis and simulation results show that the proposed scheme is highly efficient in decryption compared with existing schemes.