Revocable Attribute-Based Encryption Scheme with Cryptographic Reverse Firewalls

  • Conference paper
Big Data Technologies and Applications (BDTA 2023)

Abstract

With the prevalence of information sharing, preserving the confidentiality of sensitive data has become paramount. Attribute-based encryption (ABE) has become a viable option to tackle this problem. With ABE, data owners encrypt data under a set of attributes, and the data is accessible only to users who hold the required attributes and authorization. However, the traditional CP-ABE scheme has several limitations: it embeds user-sensitive information in the access structure without hiding it, it cannot effectively handle changes to user attributes, and it is vulnerable to internal attacks from cryptographic devices. To address these limitations, researchers have proposed various enhanced ABE schemes. Mironov presented the concept of a cryptographic reverse firewall (CRF) at Eurocrypt 2015, which can prevent certain compromised machines from leaking secret information. The CRF has been deployed in many cryptographic systems, but its application in the ABE field has been relatively limited. This paper presents a novel attribute-based encryption scheme that incorporates attribute revocation, hidden policy components, and a CRF mechanism to resist internal attacks on cryptographic devices. The scheme is applicable in settings such as cloud computing, where secure data sharing is required.


References

  1. Beimel, A., et al.: Secure schemes for secret sharing and key distribution (1996)

  2. Bellare, M., Paterson, K.G., Rogaway, P.: Security of symmetric encryption against mass surveillance. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 1–19. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_1

  3. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: 2007 IEEE Symposium on Security and Privacy (SP 2007), pp. 321–334. IEEE (2007)

  4. Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13

  5. Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_16

  6. Chen, R., Mu, Y., Yang, G., Susilo, W., Guo, F., Zhang, M.: Cryptographic reverse firewall via malleable smooth projective hash functions. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 844–876. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_31

  7. Cheung, L., Cooley, J.A., Khazan, R., Newport, C.: Collusion-resistant group key management using attribute-based encryption. Cryptology ePrint Archive (2007)

  8. Cheung, L., Newport, C.: Provably secure ciphertext policy ABE. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 456–465 (2007)

  9. Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 89–98 (2006)

  10. Green, M., Hohenberger, S., Waters, B.: Outsourcing the decryption of ABE ciphertexts. In: 20th USENIX Security Symposium (USENIX Security 11) (2011)

  11. Hong, B., Chen, J., Zhang, K., Qian, F.H.: Multi-authority non-monotonic KP-ABE with cryptographic reverse firewall. IEEE Access 7, 159002–159012 (2019)

  12. Lai, J., Deng, R.H., Li, Y.: Expressive CP-ABE with partially hidden access structures. In: ACM Asia Conference on Computer and Communications Security (2012)

  13. Liu, Z., Jiang, Z.L., Wang, X., Yiu, S.M.: Practical attribute-based encryption: outsourcing decryption, attribute revocation and policy updating. J. Netw. Comput. Appl. 108, 112–123 (2018)

  14. Ma, H., Zhang, R., Yang, G., Song, Z., Sun, S., Xiao, Y.: Concessive online/offline attribute based encryption with cryptographic reverse firewalls—secure and efficient fine-grained access control on corrupted machines. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11099, pp. 507–526. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98989-1_25

  15. Mironov, I., Stephens-Davidowitz, N.: Cryptographic reverse firewalls. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 657–686. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_22

  16. Ouyang, M., Wang, Z., Li, F.: Digital signature with cryptographic reverse firewalls. J. Syst. Architect. 116, 102029 (2021)

  17. Pirretti, M., Traynor, P., McDaniel, P., Waters, B.: Secure attribute-based systems. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 99–112 (2006)

  18. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_27

  19. Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-39568-7_5

  20. Wang, W., Zhang, G., Shen, Y.: A CP-ABE scheme supporting attribute revocation and policy hiding in outsourced environment. In: 2018 IEEE 9th International Conference on Software Engineering and Service Science (ICSESS), pp. 96–99. IEEE (2018)

  21. Xiong, H., Zhou, Z., Wang, L., Zhao, Z., Huang, X., Zhang, H.: An anonymous authentication protocol with delegation and revocation for content delivery networks. IEEE Syst. J. 16(3), 4118–4129 (2021)

  22. Yu, S., Ren, K., Lou, W.: Attribute-based content distribution with hidden policy. In: 2008 4th Workshop on Secure Network Protocols, pp. 39–44. IEEE (2008)

  23. Yu, S., Ren, K., Lou, W.: Attribute-based on-demand multicast group setup with membership anonymity. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, pp. 1–6 (2008)

  24. Zeng, P., Zhang, Z., Lu, R., Choo, K.K.R.: Efficient policy-hiding and large universe attribute-based encryption with public traceability for internet of medical things. IEEE Internet Things J. 8(13), 10963–10972 (2021)

  25. Zhang, Y., Zheng, D., Deng, R.H.: Security and privacy in smart health: efficient policy-hiding attribute-based access control. IEEE Internet Things J. 5(3), 2130–2145 (2018)

  26. Zhou, Y., Guo, J., Li, F.: Certificateless public key encryption with cryptographic reverse firewalls. J. Syst. Architect. 109, 101754 (2020)


Correspondence to Kuo-Hui Yeh.


© 2024 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering


Cite this paper

Zhao, Y., Ke, XY., Pang, YW., Xiong, H., Zhu, GB., Yeh, KH. (2024). Revocable Attribute-Based Encryption Scheme with Cryptographic Reverse Firewalls. In: Tan, Z., Wu, Y., Xu, M. (eds) Big Data Technologies and Applications. BDTA 2023. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 555. Springer, Cham. https://doi.org/10.1007/978-3-031-52265-9_6

  • DOI: https://doi.org/10.1007/978-3-031-52265-9_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-52264-2

  • Online ISBN: 978-3-031-52265-9

  • eBook Packages: Computer Science (R0)
