Ciphertext-Policy Attribute-Based Access Control with Effective User Revocation for Cloud Data Sharing System

With the development and benefits of cloud computing, more and more users now outsource their data to third-party cloud storage servers for ease of sharing and cost saving. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a promising tool for enabling fine-grained access control over the data shared in the cloud. However, the practical application of CP-ABE in a cloud data sharing system has an inherent challenge with regard to user revocation. To address this challenge, this paper proposes a CP-ABE scheme that supports an effective user revocation mechanism by introducing "the essential attribute" and by assuming only minimally trusted proxy servers; the essential attribute must be included in both the ciphertext and the update-key. By excluding the revoked users from the update-key (which is a part of the decryption key) and by re-encrypting only the ciphertext component associated with the essential attribute, our scheme achieves an immediate and complete user revocation mechanism in CP-ABE. The proposed scheme enables scalable and fine-grained access control for a cloud data sharing system. Compared to the existing user-revocable CP-ABE scheme, our scheme provides a higher level of both efficiency and security at the same time.
