An Encryption and Decryption Outsourcing CP-ABE scheme Supporting Efficient Ciphertext Evolution

Attribute-based encryption (ABE) provides fine-grained access control policy for encrypted data in semi-trusted cloud storage system, while encryption and decryption are quite expensive for users with resource constrained devices. Besides, key compromise also brings great security risks to the stored ciphertext for its long-term immutability. On one hand, ABE with decryption outsourcing is preferred to relieve user's computation cost, but the computational overhead of encryption for users also needs to be taken into account. On the other, the stored ciphertext needs to be updated periodically with a new method instead of data re-encryption with heavy computation and communication overhead. Therefore, a novel ciphertext-policy attribute-based encryption scheme supporting efficient periodic ciphertext evolution with encryption and decryption outsourcing (EDO-CE-CPABE) was proposed which can solve the aforementioned issues. It can ensure that the ciphertext and the key are transformed synchronously. As a result, legitimate users can always access data, while the key and the ciphertext are changing periodically from the view of an attacker. Security and performance analysis demonstrate the security, effectiveness and practicability of the proposed scheme, which also illustrates that periodic ciphertext evolution can reduce the probability for successful attacks and attribute revocation is supported to change user's access rights timely and effectively. Also, computation cost for users can be effectively reduced by encryption and decryption outsourcing.

[1]  Kwangsu Lee,et al.  Self-updatable encryption with short public parameters and its extensions , 2016, Des. Codes Cryptogr..

[2]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[3]  Milan Petkovic,et al.  Attribute-based encryption with encryption and decryption outsourcing , 2014 .

[4]  G. R. Blakley,et al.  Safeguarding cryptographic keys , 1899, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[5]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[6]  Zoe L. Jiang,et al.  Attribute-Based Encryption Scheme Supporting Decryption Outsourcing and Attribute Revocation in Cloud Storage , 2017, 22017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC).

[7]  Jianfeng Ma,et al.  Secure, efficient and revocable multi-authority access control system in cloud storage , 2016, Comput. Secur..

[8]  Cong Wang,et al.  Attribute based data sharing with attribute revocation , 2010, ASIACCS '10.

[9]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[10]  Zhihua Xia,et al.  Attribute-based access control scheme with efficient revocation in cloud computing , 2016, China Communications.

[11]  Dong Hoon Lee,et al.  Self-updatable encryption: Time constrained access control with hidden attributes and better efficiency , 2013, Theor. Comput. Sci..

[12]  Jian Shen,et al.  User Collusion Avoidance CP-ABE With Efficient Attribute Revocation for Cloud Storage , 2018, IEEE Systems Journal.

[13]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[14]  Jin Li,et al.  Identity-Based Encryption with Outsourced Revocation in Cloud Computing , 2015, IEEE Transactions on Computers.

[15]  Zoe L. Jiang,et al.  Practical attribute-based encryption: Outsourcing decryption, attribute revocation and policy updating , 2018, J. Netw. Comput. Appl..

[16]  Zoe L. Jiang,et al.  A Traceable Outsourcing CP-ABE Scheme with Attribute Revocation , 2017, 2017 IEEE Trustcom/BigDataSE/ICESS.

[17]  Bharat K. Bhargava,et al.  SDSS-MAC: Secure data sharing scheme in multi-authority cloud storage systems , 2016, Comput. Secur..

[18]  Keita Emura,et al.  Generic Constructions for Fully Secure Revocable Attribute-Based Encryption , 2017, ESORICS.

[19]  Brent Waters,et al.  Dynamic Credentials and Ciphertext Delegation for Attribute-Based Encryption , 2012, IACR Cryptol. ePrint Arch..

[20]  Jin Li,et al.  Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing , 2017, Inf. Sci..

[21]  Sherman S. M. Chow A Framework of Multi-Authority Attribute-Based Encryption with Outsourcing and Revocation , 2016, SACMAT.

[22]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[23]  Terence Chan,et al.  Updatable encryption in distributed storage systems using key-homomorphic pseudorandom functions , 2016, Int. J. Inf. Coding Theory.

[24]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[25]  Kenneth G. Paterson,et al.  Key Rotation for Authenticated Encryption , 2017, CRYPTO.

[26]  Xiaojiang Du,et al.  Efficient attribute-based encryption with attribute revocation for assured data deletion , 2018, Inf. Sci..

[27]  Dong Kun Noh,et al.  Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems , 2011, IEEE Transactions on Parallel and Distributed Systems.

[28]  Keita Emura,et al.  Revocable Identity-Based Cryptosystem Revisited: Security Models and Constructions , 2014, IEEE Transactions on Information Forensics and Security.

[29]  Ya Xiao,et al.  Secure Data Access Control for Fog Computing Based on Multi-Authority Attribute-Based Signcryption with Computation Outsourcing and Attribute Revocation , 2018, Sensors.

[30]  Kui Ren,et al.  Attribute-based fine-grained access control with efficient revocation in cloud storage systems , 2013, ASIA CCS '13.

[31]  Jiguo Li,et al.  Flexible and Fine-Grained Attribute-Based Data Storage in Cloud Computing , 2017, IEEE Transactions on Services Computing.

[32]  Yohei Watanabe,et al.  Identity-Based Hierarchical Key-Insulated Encryption Without Random Oracles , 2016, Public Key Cryptography.