Abstract:Ciphertext-Policy Attribute-Based Encryption (CP-ABE), especially large universe CP-ABE that is not bounded with the attribute set, is getting the more and the more extensive application to the cloud storage. However, there exists an important challenge in original large universe CP-ABE, namely dynamic user and attribute revocation. In this paper, a large universe CP-ABE scheme with efficient attribute level user revocation is proposed, namely the revocation to an attribute of some user can not influence the common access of other legitimate attributes. To achieve the revocation, the master key is divided into two parts: delegation key and secret key, which are sent to the cloud provider and user separately. In this scheme proposed, if an attribute is revoked, then the ciphertext corresponding to this attribute should be updated so that only persons who are not revoked will be able to carry out key updating and decrypt the ciphertext successfully. Note that, the proposed scheme is proved selectively secure in the standard model under “q-type” assumption. Finally, the performance analysis and experimental verification are carried out in this paper, and the experimental results show that, compared with the existing revocation schemes, although the proposed scheme increases the Computational load of Storage service Provider (CSP) in order to achieve the attribute revocation, it does not need the participation of Attribute Authority (AA), which reduces the computational load of AA. Moreover, the user does not need any additional parameters to achieve the attribute revocation except of the private key, thus saving the storage space greatly.
SAHAI A and WATERS B. Fuzzy Identity-Based Encryption [M]. Heidelberg, Berlin, Springer, 2005: 457-473. doi: 10.1007 /11426639_27.
[2]
YADAV U C. Ciphertext-policy attribute-based encryption with hiding access structure[C]. 2015 IEEE International Advance Computing Conference (IACC), Bangalore, India, 2015: 6-10. doi: 10.1109/IADCC.2015.7154664.
[3]
WANG M, ZHANG Z, and CHEN C. Security analysis of a privacy-preserving decentralized ciphertext-policy attribute- based encryption scheme[J]. Concurrency & Computation Practice & Experience, 2016, 28(4): 1237-1245. doi: 10.1002/ cpe.3623.
[4]
NARUSE T, MOHRI M, and SHIRAISHI Y. Provably secure attribute-based encryption with attribute revocation and grant function using proxy re-encryption and attribute key for updating[J]. Human-centric Computing and Information Sciences, 2015, 5(1): 1-13. doi: 10.1186/s13673-015-0027-0.
[5]
LEWKO A, OKAMOTO T, SAHAI A, et al. Fully Secure Functional Encryption: Attribute-based Encryption and (Hierarchical) inner Product Encryption[M]. Heidelberg, Berlin, Springer, 2010: 62-91. doi: 10.1007/978-3-642-13190- 5_4.
[6]
RAHULAMATHAVAN Y, VELURU S, HAN J, et al. User collusion avoidance scheme for privacy-preserving decentralized key-policy attribute-based encryption[J]. IEEE Transactions on Computers, 2016, 65(9): 2939-2946. doi: 10.1109/TC.2015.2510646.
[7]
LEWKO A and WATERS B. Unbounded HIBE and attribute-based encryption[C]. International Conference on Theory and Applications of Cryptographic Techniques: Advances in Cryptology, Tallinn, Estonia, 2011: 547-567.
[8]
ROUSELAKIS Y and WATERS B. Practical constructions and new proof methods for large universe attribute-based encryption[C]. ACM Sigsac Conference on Computer & Communications Security, Berlin, Germany, 2013: 463-474.
[9]
OSTROVSKY R, SAHAI A, and WATERS B. Attribute- based encryption with non-monotonic access structures[C]. CCS 07 ACM Conference on Computer & Communications Security, Alexandria, Virginia, USA, 2007: 195-203.
[10]
STADDON J, GOLLE P, et al. A content-driven access control system[C]. Proceedings of the 7th Symposium on Identity and Trust on the Internet, Gaithersburg, Maryland, USA, 2008: 26-35.
[11]
LIANG X, LU R, and LIN X. Ciphertext policy attribute based encryption with efficient revocation[OL]. https:// www.ResearchGate.net/publication/255670422, 2010.
[12]
BETHENCOURT J, SAHAI A, and WATERS B. Ciphertext-policy attribute-based encryption[C]. IEEE Symposium on Security and Privacy, Oakland, California, USA, 2007: 321-334.
[13]
BOLDYREVA A, GOYAL V, and KUMAR V. Identity- based encryption with efficient revocation[C]. ACM Conference on Computer and Communications Security, Alexandria, Virginia, USA, 2008: 417-426.
[14]
PIRRETTI M, TRAYNOR P, MCDANIEL P, et al. Secure attribute-based systems[C]. ACM Conference on Computer and Communications Security, Alexandria, VA, USA, 2006: 799-837.
[15]
YANG K, JIA X, and REN K. Attribute-based fine-grained access control with efficient revocation in cloud storage systems[C]. ACM Sigsac Symposium on Information, Computer and Communications Security, Denver, Colorado, 2015: 523-528.
[16]
HUR J and NOH D K. Attribute-based access control with efficient revocation in data outsourcing systems[J]. IEEE Transactions on Parallel & Distributed Systems, 2011, 22(7): 1214-1221.
[17]
BONEH D and BOYEN X. Efficient selective-ID Secure identity-based encryption without random oracles[C]. Advancesin Cryptology-EUROCRYPT 2004, Lecture Notes in Computer Science, Berlin, Heidelberg, 2004, 3027: 223-238.
[18]
DAN B, GENTRY C, and WATERS B. Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys[M]. Heidelberg, Berlin, Springer, 2005: 258-275.
[19]
LYNN B. The Pairing-Based Cryptography (PBC) library [OL]. http://crypto.stanford.edu/pbc,2006.
[20]
BETHENCOURT J, SAHAI A, and WATERS B. Advanced crypto software collection: The cpabetoolkit[OL]. http://acsc. cs.utexas.edu/cpabe,2011.