Title :
Attribute-based content distribution with hidden policy
Author :
Yu, Shucheng ; Ren, Kui ; Lou, Wenjing
Author_Institution :
Dept. of ECE, Worcester Polytech. Inst., Worcester, MA
Abstract :
Access control in content distribution networks (CDNs) is a long-standing problem and has attracted extensive research. Traditional centralized access control approaches, such as the reference monitor based approach, are not suitable for CDNs, as such networks are large in scale and geographically distributed in nature. Current CDNs usually resort to cryptographic-based distributed approaches to better fulfill the goal of access control. Hence, it is highly critical to design and adapt appropriate cryptographic primitives for this purpose. In this paper, we propose a novel distributed access control approach for CDNs by exploiting a new cryptographic primitive called Ciphertext Policy Attribute-Based Encryption (CP-ABE). Our approach provides flexible yet fine-grained access control (per file level) so that the contents are available only to the authorized users. We further consider the protection of user privacy and enhance the current design of CP-ABE so that not only the contents themselves but also the access policies, which could lead to the revelation of sensitive user information, are well protected.
Keywords :
authorisation; cryptography; data privacy; attribute-based content distribution networks; centralized access control approaches; ciphertext policy attribute-based encryption; cryptographic primitive; cryptographic-based distributed approaches; hidden policy; user privacy protection; Access control; Access protocols; Cryptography; Delay; Human resource management; Internet; Large-scale systems; Monitoring; Privacy; Protection;
Conference_Title :
Secure Network Protocols, 2008. NPSec 2008. 4th Workshop on
Conference_Location :
Orlando, FL
Print_ISBN :
978-1-4244-2651-5
Electronic_ISBN :
978-1-4244-2652-2
DOI :
10.1109/NPSEC.2008.4664879