Abstract
As a special kind of public-key encryption, attribute-based encryption (ABE) is able to achieve fine-grained access control mechanism by offering one-to-many encryption. Due to such unique characteristic, this primitive is widely employed in the cloud computing environment to provide flexible and secure data sharing. However, how to revoke the access privilege of a user to access encrypted data stored in cloud servers is challenging. Furthermore, the complex operation of ABE may cause a huge computational cost and is usually considered to be a heavy burden for system users. Motivated by the practical needs, an ABE scheme called efficient and revocable storage CP-ABE scheme with outsourced decryption and constant-size ciphertexts and secret keys is proposed in this paper. Our scheme offers the following features:
-
1.
Chinese remainder theorem is utilized to achieve revocable storage. In detail, third party severs are allowed to update ciphertexts stored on them so that those revoked users cannot decrypt any ciphertexts any more.
-
2.
To minimize local operations, the concept of outsourced ABE system with constant-size ciphertexts and secret keys are introduced. More specifically, decryptor is able to outsource most of computing work to the outsourcing service providers.
In addition, the scheme is provably secure against selectively chosen-ciphertext attack. At the end, we describe how to deploy the scheme in cloud computing environment.
Similar content being viewed by others
References
Armbrust M, Fox A, Griffith R, Joseph AD, Katz R, Konwinski A, Lee G, Patterson D, Rabkin A, Stoica I et al (2010) A view of cloud computing. Commun ACM 53(4):50–58
Attrapadung N, Imai H (2009) Attribute-based encryption supporting direct/indirect revocation modes. In: Proceedings of the 12th IMA international conference, cryptography and coding 2009, pp 278–300
Attrapadung N, Imai H (2009) Conjunctive broadcast and attribute-based encryption. Pairing 5671:248–265
Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: IEEE symposium on security and privacy, 2007. SP’07. IEEE, pp 321–334
Boldyreva A, Goyal V, Kumar V (2008) Identity-based encryption with efficient revocation. In: Proceedings of the 15th ACM conference on computer and communications security. ACM, pp 417–426
Boneh D, Gentry C, Waters B (2005) Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Crypto, vol 3621. Springer, pp. 258–275
Chen C, Chen J, Lim HW, Zhang Z, Feng D, Ling S, Wang H (2013) Fully secure attribute-based systems with short ciphertexts/signatures and threshold access structures. In: CT-RSA. Springer, pp 50–67
Doshi N, Jinwala DC (2014) Fully secure ciphertext policy attribute-based encryption with constant length ciphertext and faster decryption. Secur Commun Netw 7(11):1988–2002
Emura K, Miyaji A, Nomura A, Omote K, Soshi M (2009) A ciphertext-policy attribute-based encryption scheme with constant ciphertext length. In: ISPEC, vol 9. Springer, pp 13–23
Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on computer and communications security. ACM, pp 89–98
Green M, Hohenberger S, Waters B et al (2011) Outsourcing the decryption of ABE ciphertexts. In: USENIX security symposium, vol 2011
Guo F, Mu Y, Susilo W, Wong DS, Varadharajan V (2014) CP-ABE with constant-size keys for lightweight devices. IEEE Trans Inf Forensics Secur 9(5):763–771
Hayes B (2008) Cloud computing. Commun ACM 51(7):9–11
Herranz J, Laguillaumie F, Ràfols C (2010) Constant size ciphertexts in threshold attribute-based encryption. Public Key Cryptogr PKC 2010:19–34
Kamara S, Lauter KE et al (2010) Cryptographic cloud storage. In: Financial cryptography workshops, vol 6054. Springer, pp 136–149
Lai J, Deng RH, Guan C, Weng J (2013) Attribute-based encryption with verifiable outsourced decryption. IEEE Trans Inf Forensics Secur 8(8):1343–1354
Li J, Huang X, Li J, Chen X, Xiang Y (2014) Securely outsourcing attribute-based encryption with checkability. IEEE Trans Parallel Distrib Syst 25(8):2201–2210
Li J, Jia C, Li J, Chen X (2012) Outsourcing encryption of attribute-based encryption with mapreduce. In: Information and communications security, pp. 191–201
Li K, Ma H (2014) Outsourcing decryption of multi-authority abe ciphertexts. IJ Netw Secur 16(4):286–294
Li M, Yu S, Zheng Y, Ren K, Lou W (2013) Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans Parallel Distrib Syst 24(1):131–143
Lyuu YD, Wu ML (2002) A fully public-key traitor-tracing scheme. In: 6th WSEAS international multiconference CSCC
Ma H, Zhang R, Wan Z, Lu Y, Lin S (2015) Verifiable and exculpable outsourced attribute-based encryption for access control in cloud computing. IEEE Trans Dependable Secure Comput 14(6):679–692. https://doi.org/10.1109/TDSC.2015.2499755
Mao X, Lai J, Mei Q, Chen K, Weng J (2016) Generic and efficient constructions of attribute-based encryption with verifiable outsourced decryption. IEEE Trans Dependable Secure Comput 13(5):533–546
Mao X, Lai J, Mei Q, Chen K, Weng J (2016) Generic and efficient constructions of attribute-based encryption with verifiable outsourced decryption. IEEE Trans Dependable Secure Comput 13(5):533–546
Ni J, Zhang K, Lin X, Shen X (2017) Securing fog computing for internet of things applications: challenges and solutions. IEEE Commun Surv Tutor. https://doi.org/10.1109/COMST.2017.2762345
Odelu V, Das AK, Rao YS, Kumari S, Khan MK, Choo KKR (2017) Pairing-based CP-ABE with constant-size ciphertexts and secret keys for cloud environment. Comput Stand Interfaces 54:3–9
Qin B, Deng RH, Liu S, Ma S (2015) Attribute-based encryption with efficient verifiable outsourced decryption. IEEE Trans Inf Forensics Secur 10(7):1384–1393
Rolim CO, Koch FL, Westphall CB, Werner J, Fracalossi A, Salvador GS (2010) A cloud computing solution for patient’s data collection in health care institutions. In: Second international conference on eHealth, telemedicine, and social medicine, 2010. ETELEMED’10. IEEE, pp 95–99
Sahai A, Seyalioglu H, Waters B (2012) Dynamic credentials and ciphertext delegation for attribute-based encryption. In: Advances in cryptology—CRYPTO 2012. Springer, pp 199–217
Sahai A, Waters B et al (2005) Fuzzy identity-based encryption. In: Eurocrypt, vol 3494. Springer, pp 457–473
Shen J, Zhou T, Chen X, Li J, Susilo W (2017) Anonymous and traceable group data sharing in cloud computing. IEEE Trans Inf Forensics Secur PP(99):1–1
Teng CC, Mitchell J, Walker C, Swan A, Davila C, Howard D, Needham T (2010) A medical image archive solution in the cloud. In: 2010 IEEE international conference on software engineering and service sciences (ICSESS). IEEE, pp 431–434
Wang H, Zheng Z, Lei W, Wang Y (2015) Adaptively secure outsourcing ciphertext-policy attribute-based encryption. J Comput Res Dev 52(10):2270–2280
Xiong H, Sun J (2017) Comments on verifiable and exculpable outsourced attribute-based encryption for access control in cloud computing. IEEE Trans Dependable Secure Comput 14(4):461–462
Xiong H, Wang Q, Sun J (2017) Comments on “Circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation”. Inf Process Lett 127:67–70. https://doi.org/10.1016/j.ipl.2017.07.008
Xu Z, Martin KM (2012) Dynamic user revocation and key refreshing for attribute-based encryption in cloud storage. In: 2012 IEEE 11th international conference on trust, security and privacy in computing and communications (TrustCom). IEEE, pp 844–849
Xu J, Wen Q, Li W, Jin Z (2016) Circuit ciphertext-policy attribute-based hybrid encryption with verifiable delegation in cloud computing. IEEE Trans Parallel Distrib Syst 27(1):119–129
Yang CT, Chen LT, Chou WL, Wang KC (2010) Implementation of a medical image file accessing system on cloud computing. In: 2010 IEEE 13th international conference on computational science and engineering (CSE). IEEE, pp 321–326
Yu S, Wang C, Ren K, Lou W (2010) Attribute based data sharing with attribute revocation. In: Proceedings of the 5th ACM symposium on information, computer and communications security. ACM, pp 261–270
Zhang R, Ma H, Lu Y (2017) Fine-grained access control system based on fully outsourced attribute-based encryption. J Syst Softw 125:344–353
Zhang Y, Zheng D, Chen X, Li J, Li H (2014) Computationally efficient ciphertext-policy attribute-based encryption with constant-size ciphertexts. In: International conference on provable security. Springer, pp 259–273
Zhou Z, Huang D (2010) On efficient ciphertext-policy attribute based encryption and broadcast encryption. In: Proceedings of the 17th ACM conference on computer and communications security. ACM, pp 753–755
Acknowledgements
This work was supported in part by the National Science Foundation of China (Nos. 61370026 and U1401257), Science and Technology Project of Guangdong Province (No. 2016A010101002), 13th Five-Year Plan of National Cryptography Development Fund for Cryptographic Theory of China (MMJJ20170204), Fundamental Research Funds for the Central Universities (No. ZYGX2016J091), Guangxi Colleges and Universities Key Laboratory of cloud computing and complex systems and Neijiang Science and Technology Incubating Project (No. 170676).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Zhao, Y., Ren, M., Jiang, S. et al. An efficient and revocable storage CP-ABE scheme in the cloud computing. Computing 101, 1041–1065 (2019). https://doi.org/10.1007/s00607-018-0637-2
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00607-018-0637-2