Abstract
Ciphertext policy attribute-based encryption (CP-ABE) is a promising cryptographic technology and a key component that enable secure data sharing in a cloud environment through fine-grained access control. Since it was introduced, many interesting schemes have been proposed. However, in addition to managing data sharing through access control, a comprehensive scheme should also cater for user revocation and ciphertext queries. This is because in a cloud environment new users may join while existing users may leave the system. At the same time, given the potentially large amount of data stored in a cloud storage, user should be able to retrieve the required files efficiently in a privacy-preserving manner. To address the above issue, in this paper, we propose a practical searchable CP-ABE scheme supporting user revocation. In contrast to existing schemes that provide only single keyword query, our efficient search function provides conjunctive search, which allows user to locate a ciphertext related to a set of keywords. The computation overhead of our user revocation is at least on par with existing schemes. Besides, the security analysis indicates that the proposed scheme is secure under the decisional Bilinear Diffie-Hellman assumption. We also provide extensive experimental results to confirm the efficiency and feasibility of our proposed construction.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Beimel, A.: Secure schemes for secret sharing and key distribution. Int. J. Pure Appl. Math. (1996)
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, SP 2007, pp. 321–334. IEEE (2007)
De Caro, A., Iovino, V.: JPBC: Java pairing based cryptography. In: Computers and Communications, pp. 850–855 (2011)
Cui, J., Zhou, H., Zhong, H., Yan, X.: Akser: attribute-based keyword search with efficient revocation in cloud computing. Inf. Sci. 423, 343–352 (2018)
Ge, X., Jia, Y., Chengyu, H., Zhang, H., Hao, R.: Enabling efficient verifiable fuzzy keyword search over encrypted data in cloud computing. IEEE Access 6, 45725–45739 (2018)
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 89–98. ACM (2006)
Imine, Y., Lounis, A., Bouabdallah, A.: Revocable attribute-based access control in mutli-autority systems. J. Netw. Comput. Appl. 122, 61–76 (2018)
Lewko, A., Waters, B.: New proof methods for attribute-based encryption: achieving full security through selective techniques. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 180–198. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_12
Li, J., Yao, W., Zhang, Y., Qian, H., Han, J.: Flexible and fine-grained attribute-based data storage in cloud computing. IEEE Trans. Serv. Comput. 10(5), 785–796 (2017)
Li, J., Huang, Q., Chen, X., Chow, S.S.M., Wong, D.S., Xie, D.: Multi-authority ciphertext-policy attribute-based encryption with accountability. In: ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, Hong Kong, China, March, pp. 386–390 (2011)
Li, W., Xue, K., Xue, Y., Hong, J.: Tmacs: a robust and verifiable threshold multi-authority access control system in public cloud storage. IEEE Trans. Parallel Distrib. Syst. 27(5), 1484–1496 (2016)
Liang, K., Susilo, W.: Searchable attribute-based mechanism with efficient data sharing for secure cloud storage. IEEE Trans. Inf. Forensics Secur. 10(9), 1981–1992 (2017)
Lin, S., Zhang, R., Ma, H., Wang, M.: Revisiting attribute-based encryption with verifiable outsourced decryption. IEEE Trans. Inf. Forensics Secur. 10(10), 2119–2130 (2017)
Ning, J., Cao, Z., Dong, X., Gong, J., Chen, J.: Traceable CP-ABE with short ciphertexts: how to catch people selling decryption devices on eBay efficiently. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016, Part II. LNCS, vol. 9879, pp. 551–569. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_28
Ning, J., Cao, Z., Dong, X., Liang, K., Ma, H., Wei, L.: Auditable \(\sigma \) -time outsourced attribute-based encryption for access control in cloud computing. IEEE Trans. Inf. Forensics Secur. 13(1), 94–105 (2017)
Ning, J., Cao, Z., Dong, X., Liang, K., Wei, L., Choo, K.-K.R.: Cryptcloud+: secure and expressive data access control for cloud storage. IEEE Trans. Serv. Comput. (2018)
Ning, J., Cao, Z., Dong, X., Wei, L.: White-box traceable CP-ABE for cloud storage service: how to catch people leaking their access credentials effectively. IEEE Trans. Dependable Secur. Comput. 15(5), 883–897 (2016)
Ning, J., Cao, Z., Dong, X., Wei, L., Lin, X.: Large universe ciphertext-policy attribute-based encryption with white-box traceability. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014, Part II. LNCS, vol. 8713, pp. 55–72. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11212-1_4
Ning, J., Dong, X., Cao, Z., Wei, L.: Accountable authority ciphertext-policy attribute-based encryption with white-box traceability and public auditing in the cloud. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015, Part II. LNCS, vol. 9327, pp. 270–289. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24177-7_14
Ning, J., Dong, X., Cao, Z., Wei, L., Lin, X.: White-box traceable ciphertext-policy attribute-based encryption supporting flexible attributes. IEEE Trans. Inf. Forensics Secur. 10(6), 1274–1288 (2015)
Ning, J., Jia, X., Liang, K., Zhang, F., Chang, E.-C.: Passive attacks against searchable encryption. IEEE Trans. Inf. Forensics Secur. 14(3), 789–802 (2019)
Padhya, M., Jinwala, D.: A novel approach for searchable CP-ABE with hidden ciphertext-policy. In: Prakash, A., Shyamasundar, R. (eds.) ICISS 2014. LNCS, vol. 8880, pp. 167–184. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13841-1_10
Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27
Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE Symposium on Security and Privacy, S&P 2000, Proceedings, pp. 44–55. IEEE (2000)
Su, H., Zhu, Z., Sun, L., Pan, N.: Practical searchable CP-ABE in cloud storage. In: 2nd IEEE International Conference on Computer and Communications (ICCC), pp. 180–185. IEEE (2016)
Sun, W., Yu, S., Lou, W., Hou, Y.T., Li, H.: Protecting your right: attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud. In: IEEE Proceedings on INFOCOM 2014, pp. 226–234. IEEE (2014)
Wang, H., Dong, X., Cao, Z.: Multi-value-independent ciphertext-policy attribute based encryption with fast keyword search. IEEE Trans. Serv. Comput. (2017)
Wang, S., Zhang, X., Zhang, Y.: Efficiently multi-user searchable encryption scheme with attribute revocation and grant for cloud storage. Plos One 11(11), e0167157 (2016)
Wang, S., Zhou, J., Liu, J.K., Yu, J., Chen, J., Xie, W.: An efficient file hierarchy attribute-based encryption scheme in cloud computing. IEEE Trans. Inf. Forensics Secur. 11(6), 1265–1277 (2016)
Xiong, A.-P., Gan, Q.-X., He, X.-X., Zhao, Q.: A searchable encryption of CP-ABE scheme in cloud storage. In: 10th International Computer Conference on Wavelet Active Media Technology and Information Processing (ICCWAMTIP 2013), pp. 345–349. IEEE (2013)
Yang, Y., Liu, J.K., Liang, K., Choo, K.-K.R., Zhou, J.: Extended proxy-assisted approach: achieving revocable fine-grained encryption of cloud data. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015, Part II. LNCS, vol. 9327, pp. 146–166. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24177-7_8
Yang, Y., Li, H., Liu, W., Yao, H., Wen, M.: Secure dynamic searchable symmetric encryption with constant document update cost. In: Global Communications Conference (GLOBECOM), IEEE 2014 , pp. 775–780. IEEE (2014)
Zhang, P., Chen, Z., Liang, K., Wang, S., Wang, T.: A cloud-based access control scheme with user revocation and attribute update. In: Liu, J.K.K., Steinfeld, R. (eds.) ACISP 2016, Part I. LNCS, vol. 9722, pp. 525–540. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40253-6_32
Acknowledgements
We are grateful to the anonymous reviewers for their invaluable suggestions. This work was supported in part by the National Natural Science Foundation of China (61472343,61702237), the Natural Science Foundation of Jiangsu Province, China (BK20150241), National Research Foundation, Prime Minister’s Office, Singapore, under its Corporate Laboratory@University Scheme, National University of Singapore, and Singapore Telecommunications Ltd.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, J., Yin, X., Ning, J., Poh, G.S. (2019). Attribute-Based Encryption with Efficient Keyword Search and User Revocation. In: Guo, F., Huang, X., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2018. Lecture Notes in Computer Science(), vol 11449. Springer, Cham. https://doi.org/10.1007/978-3-030-14234-6_26
Download citation
DOI: https://doi.org/10.1007/978-3-030-14234-6_26
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-14233-9
Online ISBN: 978-3-030-14234-6
eBook Packages: Computer ScienceComputer Science (R0)