Revocable Attribute-based Encryption with Escrow-free in Cloud Storage
ZHAO Zhiyuan① ZHU Zhiqiang①② WANG Jianhua①③ SUN Lei①
①(The Third College, Information Engineering University, Zhengzhou 450001, China) ②(Zhengzhou Xin Da Advanced Technology Research Institute, Zhengzhou 450001, China) ③(Electronic Technology Institute of Air Force, Beijing 100195, China)
Abstract: Attribute-Based Encryption (ABE) is widely used in cloud storage because it provides fine-grained access control. However, the original attribute-based encryption schemes suffer from two problems: key escrow and attribute revocation. To solve these problems, this paper proposes a ciphertext-based ABE scheme. In the scheme, the key escrow problem is solved by an escrow-free key issuing protocol, which is constructed from a secure two-party computation between the attribute authority and the central controller. By updating the attribute version key, the scheme achieves attribute-level user revocation; through the central controller, it achieves system-level user revocation. In order to reduce the user's computational burden during decryption, the scheme outsources the expensive pairing operations to the cloud service provider. Under the q-Parallel BDHE assumption, the scheme is proven secure against chosen-plaintext attack in the random oracle model. Finally, the efficiency and functionality of the scheme are analyzed both theoretically and experimentally. The experimental results show that the proposed scheme is free of the key escrow problem and achieves higher system efficiency.