Time-Based Direct Revocable Ciphertext-Policy Attribute-Based Encryption with Short Revocation List

In this paper, we propose an efficient revocable Ciphertext-Policy Attribute-Based Encryption (CP-ABE) scheme. We base on the direct revocation approach, by embedding the revocation list into ciphertext. However, since the revocation list will grow longer as time goes by, we further leverage this by proposing a secret key time validation technique so that users will have their keys expired on a date and the revocation list only needs to include those user keys revoked before their intended expired date (e.g. those user keys which have been stolen before expiry). These keys can be removed from the revocation list after their expiry date in order to keep the revocation list short, as these keys can no longer be used to decrypt ciphertext generated after their expiry time. This technique is derived from Hierarchical Identity-based Encryption (HIBE) mechanism and thus time periods are in hierarchical structure: year, month, day. Users with validity of the whole year can decrypt any ciphertext associated with time period of any month or any day within the year. By using this technique, the size of public parameters and user secret key can be greatly reduced. A bonus advantage of this technique is the support of discontinuity of user validity (e.g. taking no-paid leave).

[1]  Siu-Ming Yiu,et al.  Identity-Based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks , 2014, ESORICS.

[2]  Zoe L. Jiang,et al.  A general framework for secure sharing of personal health records in cloud system , 2017, J. Comput. Syst. Sci..

[3]  Joseph K. Liu,et al.  Towards Revocable Fine-Grained Encryption of Cloud Data: Reducing Trust upon Cloud , 2017, ACISP.

[4]  Jing Wang,et al.  An Access Control Scheme with Direct Cloud-Aided Attribute Revocation Using Version Key , 2014, ICA3PP.

[5]  Nuttapong Attrapadung,et al.  Functional Encryption for Inner Product: Achieving Constant-Size Ciphertexts with Adaptive Security or Support for Negation , 2010, Public Key Cryptography.

[6]  Kaiping Xue,et al.  Comments on “DAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems”/Security Analysis of Attribute Revocation in Multiauthority Data Access Control for Cloud Storage Systems , 2015, IEEE Transactions on Information Forensics and Security.

[7]  Fatos Xhafa,et al.  An efficient PHR service system supporting fuzzy keyword search and fine-grained access control , 2013, Soft Computing.

[8]  Joseph K. Liu,et al.  Secure sharing of Personal Health Records in cloud computing: Ciphertext-Policy Attribute-Based Signcryption , 2015, Future Gener. Comput. Syst..

[9]  Mingwu Zhang New Model and Construction of ABE: Achieving Key Resilient-Leakage and Attribute Direct-Revocation , 2014, ACISP.

[10]  P. MuraliKrishna,et al.  SECURE SCHEMES FOR SECRET SHARING AND KEY DISTRIBUTION USING PELL'S EQUATION , 2013 .

[11]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[12]  Joseph K. Liu,et al.  Extended Proxy-Assisted Approach: Achieving Revocable Fine-Grained Encryption of Cloud Data , 2015, ESORICS.

[13]  Joseph K. Liu,et al.  Traceable and Retrievable Identity-Based Encryption , 2008, ACNS.

[14]  K. Kuppusamy,et al.  Ciphertext-Policy Attribute-Based Encryption with User Revocation Support , 2013, QSHINE.

[15]  Sourav Mukhopadhyay,et al.  General Circuit Realizing Compact Revocable Attribute-Based Encryption from Multilinear Maps , 2015, ISC.

[16]  Tsz Hon Yuen,et al.  Practical Hierarchical Identity Based Encryption and Signature schemes Without Random Oracles , 2006, IACR Cryptol. ePrint Arch..

[17]  Jin Li,et al.  New Ciphertext-Policy Attribute-Based Access Control with Efficient Revocation , 2013, ICT-EurAsia.

[18]  Joseph K. Liu,et al.  Fine-Grained Two-Factor Access Control for Web-Based Cloud Computing Services , 2016, IEEE Transactions on Information Forensics and Security.

[19]  Weixin Xie,et al.  An Efficient File Hierarchy Attribute-Based Encryption Scheme in Cloud Computing , 2016, IEEE Transactions on Information Forensics and Security.

[20]  Jiguo Li,et al.  Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation , 2014, International Journal of Information Security.

[21]  Dong Kun Noh,et al.  Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems , 2011, IEEE Transactions on Parallel and Distributed Systems.

[22]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[23]  Joseph K. Liu,et al.  A DFA-Based Functional Proxy Re-Encryption Scheme for Secure Public Cloud Data Sharing , 2014, IEEE Transactions on Information Forensics and Security.

[24]  Y. Sreenivasa Rao,et al.  A secure and efficient Ciphertext-Policy Attribute-Based Signcryption for Personal Health Records sharing in cloud computing , 2017, Future Gener. Comput. Syst..

[25]  Masami Mohri,et al.  Attribute-Based Encryption with Attribute Revocation and Grant Function Using Proxy Re-encryption and Attribute Key for Updating , 2014 .

[26]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[27]  Vipul Goyal,et al.  Identity-based encryption with efficient revocation , 2008, IACR Cryptol. ePrint Arch..

[28]  Xiaohua Jia,et al.  DAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems , 2013, IEEE Transactions on Information Forensics and Security.

[29]  Robert H. Deng,et al.  Practical ID-based encryption for wireless sensor network , 2010, ASIACCS '10.

[30]  Hideki Imai,et al.  Conjunctive Broadcast and Attribute-Based Encryption , 2009, Pairing.

[31]  Joseph K. Liu,et al.  A secure and efficient Ciphertext-Policy Attribute-Based Proxy Re-Encryption for cloud data sharing , 2015, Future Gener. Comput. Syst..

[32]  Robert H. Deng,et al.  Server-Aided Revocable Attribute-Based Encryption , 2016, ESORICS.

[33]  Yanjiang Yang,et al.  Achieving Revocable Fine-Grained Cryptographic Access Control over Cloud Data , 2013, ISC.

[34]  Xiaohua Jia,et al.  DAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems , 2013, IEEE Transactions on Information Forensics and Security.

[35]  Yun Ling,et al.  Fine-Grained Two-Factor Protection Mechanism for Data Sharing in Cloud Storage , 2018, IEEE Transactions on Information Forensics and Security.

[36]  Balqies Sadoun,et al.  The BAU GIS system using open source mapwindow , 2015, Human-centric Computing and Information Sciences.

[37]  Dongdong Sun,et al.  Fully Private Revocable Predicate Encryption , 2012, ACISP.

[38]  Zhen Liu,et al.  Practical Ciphertext-Policy Attribute-Based Encryption: Traitor Tracing, Revocation, and Large Universe , 2015, ACNS.

[39]  Ivan Stojmenovic,et al.  DACC: Distributed Access Control in Clouds , 2011, 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications.

[40]  Joseph K. Liu,et al.  Identity-based online/offline key encapsulation and encryption , 2011, ASIACCS '11.

[41]  Weixin Xie,et al.  Attribute-Based Data Sharing Scheme Revisited in Cloud Computing , 2016, IEEE Transactions on Information Forensics and Security.

[42]  HuangXinyi,et al.  Secure sharing of Personal Health Records in cloud computing , 2015 .

[43]  Brent Waters,et al.  Dynamic Credentials and Ciphertext Delegation for Attribute-Based Encryption , 2012, IACR Cryptol. ePrint Arch..

[44]  Wujun Zhang,et al.  Attribute-Based Fine-Grained Access Control with User Revocation , 2014, ICT-EurAsia.

[45]  Masami Mohri,et al.  Provably secure attribute-based encryption with attribute revocation and grant function using proxy re-encryption and attribute key for updating , 2015, Human-centric Computing and Information Sciences.

[46]  Jin Li,et al.  An Efficient Ciphertext-Policy Attribute-Based Access Control towards Revocation in Cloud Computing , 2013, J. Univers. Comput. Sci..

[47]  Hideki Imai,et al.  Attribute-Based Encryption Supporting Direct/Indirect Revocation Modes , 2009, IMACC.

[48]  Sourav Mukhopadhyay,et al.  Adaptively Secure Unrestricted Attribute-Based Encryption with Subset Difference Revocation in Bilinear Groups of Prime Order , 2016, AFRICACRYPT.

[49]  Dengguo Feng,et al.  Towards Attribute Revocation in Key-Policy Attribute Based Encryption , 2011, CANS.

[50]  Cong Wang,et al.  Attribute based data sharing with attribute revocation , 2010, ASIACCS '10.

[51]  Wanlei Zhou,et al.  Efficient Fine-Grained Access Control for Secure Personal Health Records in Cloud Computing , 2016, NSS.

[52]  Nuttapong Attrapadung,et al.  Expressive Key-Policy Attribute-Based Encryption with Constant-Size Ciphertexts , 2011, Public Key Cryptography.