ABSTRACT
Ciphertext-Policy Attribute Based Encryption (CP-ABE) is a promising cryptographic primitive for fine-grained access control of shared data. In CP-ABE, each user is associated with a set of attributes and data are encrypted with access structures on attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the ciphertext access structure. Besides this basic property, practical applications usually have other requirements. In this paper we focus on the important issue of attribute revocation, which is cumbersome for CP-ABE schemes. In particular, we resolve this challenging issue by considering more practical scenarios in which semi-trustable on-line proxy servers are available. Compared to existing schemes, our proposed solution enables the authority to revoke user attributes with minimal effort. We achieve this by uniquely integrating the technique of proxy re-encryption with CP-ABE, which enables the authority to delegate most of the laborious tasks to proxy servers. Formal analysis shows that our proposed scheme is provably secure against chosen ciphertext attacks. In addition, we show that our technique is also applicable to the Key-Policy Attribute Based Encryption (KP-ABE) counterpart.