Efficient Attribute-Based Comparable Data Access Control

Zhijie Wang, Dijiang Huang, Yan Zhu, Bing Li, Chun Jen Chung

Research output: Contribution to journalArticlepeer-review

52 Scopus citations


With the proliferation of mobile devices in recent years, there is a growing concern regarding secure data storage, secure computation, and fine-grained access control in data sharing for these resource-constrained devices in a cloud computing environment. In this work, we propose a new efficient framework named Constant-size Ciphertext Policy Comparative Attribute-Based Encryption (CCP-CABE) with the support of negative attributes and wildcards. It embeds the comparable attribute ranges of all the attributes into the user's key, and incorporates the attribute constraints of all the attributes into one piece of ciphertext during the encryption process to enforce flexible access control policies with various range relationships. Accordingly, CCP-CABE achieves the efficiency because it generates constant-size keys and ciphertext regardless of the number of involved attributes, and it also keeps the computation cost constant on lightweight mobile devices. We further discuss how to extend CCP-CABE to fit a scenario with multiple attribute domains, such that the decryption proceeds from the least privileged attribute domain to the most privileged one to help protect the privacy of the access policy. We provide security analysis and performance evaluation to demonstrate their efficiency at the end.

Original languageEnglish (US)
Article number7035021
Pages (from-to)3430-3443
Number of pages14
JournalIEEE Transactions on Computers
Issue number12
StatePublished - Dec 1 2015


  • Access control
  • Encryption
  • Generators
  • Medical services
  • Mobile handsets

ASJC Scopus subject areas

  • Software
  • Theoretical Computer Science
  • Hardware and Architecture
  • Computational Theory and Mathematics


Dive into the research topics of 'Efficient Attribute-Based Comparable Data Access Control'. Together they form a unique fingerprint.

Cite this