FDR-ABE: Attribute-Based Encryption with Flexible and Direct Revocation

In attribute-based encryption (ABE) systems, revocation is both essential and difficult, since in practice users may change their attributes frequently and each attribute is conceivably shared by multiple users. To our knowledge, all existing ABE schemes fail to support flexible and direct revocation because of the burdensome update of attribute secret keys and ciphertexts. To tackle this challenge, in this paper we formalize the notion of ciphertext-policy ABE with flexible and direct revocation (FDR-CP-ABE) and give a concrete construction, which supports direct attribute and user revocation and is applicable to the data sharing architecture. The proposed FDR-CP-ABE scheme outperforms previous revocation-related methods in that it has constant-size ciphertexts and only partial ciphertexts need to be updated whenever revocation events occur. Furthermore, we show that our FDR-CP-ABE scheme is provably secure in the standard model and that it cannot be achieved by trivial combinations of the techniques of CP-ABE and broadcast encryption (BE).
