Abstract
Attribute-based encryption (ABE) has evolved as an efficient and secure method for storage of data with fine-grained access control in cloud platforms. In recent years, increasing diversification in the design of ABE schemes has led to significant research in the assimilation of properties like traceability, revocation, and outsourcing decryption. However, most of the recent ABE schemes incorporate few of these properties and hence lack in robustness to adapt with varying demands of cloud systems. In modern ABE designs, the notions of forward and backward secrecy have been introduced to accommodate the delegation of a large number of heterogeneous users in the system. In general, these features are realized under the concept of user revocation. On the other hand, to control malicious users in the system, it is necessary to implement traceability in integration with user revocation. Finally, for resource-constrained users, outsourcing decryption to proxy servers is a viable option. Thus, we propose PMTER-ABE, a practical decentralized multi-authority traceable and efficiently revocable attribute-based cryptosystem with outsourcing decryption advantage. The key features of our cryptosystem are (i) incorporating large attribute universe with highly expressive policies, (ii) integrating forward and backward secrecy under user revocation, (iii) implementing white-box traceability to detect malicious users, and (iv) outsourcing decryption to reduce the computational overhead of decryption on users. We present the formal proofs for correctness, security, and traceability of PMTER-ABE along with performance analysis. The efficiency and usability of PMTER-ABE is shown with practical implementation and experimental results.
Similar content being viewed by others
References
Wei, J., Liu, W., Hu, X.: Secure and efficient attribute-based access control for multiauthority cloud storage. IEEE Syst. J. 12(2), 1731–1742 (2018). https://doi.org/10.1109/JSYST.2016.2633559
Chase, M.: Multi-authority attribute based encryption. In: Proceedings of the 4th theory of cryptography conference, Amsterdam, The Netherlands, pp. 515–534 (2007). https://doi.org/10.1007/978-3-540-70936-7_28
Ning, J., Dong, X., Cao Z.Z., Wei, L.: Accountable authority ciphertext-policy attribute-based encryption with white-box traceability and public auditing in the cloud, In: Proc. of the European Symposium on Research in Computer Security, Vienna, pp. 270–289 (2015). https://doi.org/10.1007/978-3-319-24177-7_14
Liu, Z., Cao, Z., Wong, D.S.: White-box traceable ciphertext-policy attribute-based encryption supporting any monotone access structures. IEEE Trans. Inf. Forens. Secur. 8, 76–88 (2013). https://doi.org/10.1109/TIFS.2012.2223683
Li, J., Huang, Q., Chen, X., Chow, S.S.M., Wong, D.S., Xie, D.: Multi-authority ciphertext-policy attribute-based encryption with accountability. In: Proc. of the 6th ACM Symposium on Information, Computer, and Communications Security, Hong Kong, pp. 386–390 (2011). https://doi.org/10.1145/1966913.1966964
Zhou, J., Cao, Z., Dong, X., Lin, X.: TR-MABE: White-box traceable and revocable multi-authority attribute-based encryption and its applications to multi-level privacy-preserving e-healthcare cloud computing systems. In: Proceedings of the IEEE INFOCOM 2015, Hong Kong, China, pp. 2398–2406 (2015) https://doi.org/10.1109/INFOCOM.2015.7218628
Liu, Z., Wong, D.S.: Practical attribute-based encryption: traitor tracing. Revocation and large universe. Comput. J. 59(7), 983–1004 (2016). https://doi.org/10.1093/comjnl/bxv101
Zhang, K., Li, H., Ma, J., et al.: Efficient large-universe multi-authority ciphertext-policy attribute-based encryption with white-box traceability. Sci. China Inf. Sci. 61, 032102 (2018). https://doi.org/10.1007/s11432-016-9019-8
Liang, X., Li, X., Lu, R., Lin, X., Shen, X.: An efficient and secure user revocation scheme in mobile social networks. In: 2011 IEEE Global Telecommunications Conference—GLOBECOM 2011, Kathmandu, pp. 1–5 (2011). https://doi.org/10.1109/GLOCOM.2011.6134273
Yang, K., Jia, X.: Expressive, efficient, and revocable data access control for multi-authority cloud storage. IEEE Trans. Parallel Distrib. Syst. 25(7), 1735–1744 (2014). https://doi.org/10.1109/TPDS.2013.253
Hur, J.: Attribute-based secure data sharing with hidden policies in smart grid. IEEE Trans. Parallel Distrib. Syst. 24(11), 2171–2180 (2013). https://doi.org/10.1109/TPDS.2012.61
Green, M., Hohenberger, S., Waters, B.: Outsourcing the decryption of ABE ciphertexts. In: Proc. 20th USENIX security symp., pp. 1–16. USENIX Association (2011)
Liu, Z., Jiang, Z.L., Wang, X., Yiu, S.M.: Practical attribute-based encryption: outsourcing decryption, attribute revocation and policy updating. J. Netw. Comput. Appl. 108, 112–123 (2018). https://doi.org/10.1016/j.jnca.2018.01.016
Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Proc. Advances in Cryptology-EUROCRYPT, vol. 3494, pp. 457–473. LNCS (2005). https://doi.org/10.1007/11426639_27
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attibute-based encryption for fine-grained access control of encrypted data. In: Proc. ACM Conf. Computer and Communications Security (ACM CCS), pp. 89-98, Virginia, USA (2006). https://doi.org/10.1145/1180405.1180418
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: Proc. IEEE Symp. Security and Privacy, Oakland, CA, (2007). https://doi.org/10.1109/SP.2007.11
Lewko, A., Waters, B.: New proof methods for attribute-based encryption: Achieving full security through selective techniques. In: Advances in Cryptology, pp. 180–198. Springer-Verlag, Berlin (2012). https://doi.org/10.1007/978-3-642-32009-5_12
Hohenberger, S., Waters, B.: Attribute-based encryption with fast decryption. In: Public-Key Cryptography, pp. 162–179. Springer-Verlag, Berlin (2013). https://doi.org/10.1007/978-3-642-36362-7_11
Goyal, V., Jain, A., Pandey, O., Sahai, A.: Bounded ciphertext policy attribute-based encryption. In: Automata, Languages and Programming, pp. 579-591. Springer-Verlag, Berlin (2008). https://doi.org/10.1007/978-3-540-70583-3_47
Kalaivani, A., Ananthi, B., Sangeetha, S.: Enhanced hierarchical attribute based encryption with modular padding for improved public auditing in cloud computing using semantic ontology. Cluster Comput. 22, 3783–3790 (2019). https://doi.org/10.1007/s10586-018-2346-1
Chase, M., Chow, S.S.: Improving privacy and security in multi-authority attribute based encryption. In: Proc. of the 16th ACM Conference on Computer and Communications Security, pp. 121–130 (2009)
Lewko, A., Waters, B.: Decentralizing attribute-based encryption. In: EUROCRYPT, pp. 568–588 (2011). https://doi.org/10.1007/978-3-642-20465-4_31
Rouselakis, Y., Waters, B.: Practical constructions and new proof methods for large universe attribute-based encryption. In: Proc. of the 20th ACM Conference on Computer and Communications Security, Berlin, pp. 463–574 (2013). https://doi.org/10.1145/2508859.2516672
Rouselakis, Y., Waters, B.: Efficient statically-secure large-universe multi-authority attribute-based encryption. In: Böhme R., Okamoto T. (eds) Financial Cryptography and Data Security. FC 2015. Lecture Notes in Computer Science, vol. 8975. Springer, Berlin, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47854-7_19
Hinek, M.J., Jiang, S., Safavi-Naini, R., Shahandashti, S.F.: Attribute-based encryption with key cloning protection. In: Cryptology ePrint Archive, Report 2008/478 (2008)
Ning, J., Dong, X., Cao, Z., Wei, L., Lin, X.: White-box traceable ciphertext-policy attribute-based encryption supporting flexible attributes. IEEE Trans. Inf. Forens. Secur. 10(6), 1274–1288 (2015). https://doi.org/10.1109/TIFS.2015.2405905
Qiaoab, H., Rena, J., Wanga, Z., Baa, H., Zhoua, H.: Compulsory traceable ciphertext-policy attribute-based encryption against privilege abuse in fog computing. Future Gener. Comput. Syst. 88, 107–116 (2018). https://doi.org/10.1016/j.future.2018.05.032
Ning, J.T., Cao, Z.F., Dong, X.L., Wei, L.: Traceable and revocable CP-ABE with shorter ciphertexts. Sci. China Inf. Sci. 59, 119102 (2016)
Wang, Y.T., Chen, K.F., Long, Y., Liu, Z.: Accountable authority key policy attribute-based encryption. Sci. China Inf. Sci., 1631–1638 (2012). https://doi.org/10.1007/s11432-012-4594-7
Sethi, K., Pradhan, A., Bera, P.: Practical traceable multi-authority CP-ABE with outsourcing decryption and access policy updation. J. Inf. Securi. Appl. 51, 102435 (2020). https://doi.org/10.1016/j.jisa.2019.102435
Ning, J., Cao, Z., Dong, X., Wei, L.: White-box traceable CP-ABE for Cloud storage service: how to catch people leaking their access credentials effectively. In: IEEE Transactions on Dependable and Secure Computing, vol. 15, no. 5, pp. 883–897 (2018). https://doi.org/10.1109/TDSC.2016.2608343
Yan, X., He, X., Yu, J., Tang, Y.: White-box traceable ciphertext-policy attribute-based encryption in multi-domain environment. IEEE Access 7, 128298–128312 (2019). https://doi.org/10.1109/ACCESS.2019.2939413
Yang, K., Jia, X., Ren, K., Zhang, B.: DAC-MACS: Effective data access control for multi-authority cloud storage systems. In: 2013 Proceedings IEEE INFOCOM, Turin, pp. 2895–2903 (2013). https://doi.org/10.1109/INFCOM.2013.6567100
Li, Q., Ma, J., Li, R., Liu, X., Xiong, J., Chen, D.: Secure, efficient and revocable multi-authority access control system in cloud storage. Comput. Secur. 59, 45–59 (2016). https://doi.org/10.1016/j.cose.2016.02.002
Li, J., Yao, W., Han, J., Zhang, Y., Shen, J.: User collusion avoidance CP-ABE with efficient attribute revocation for cloud storage. IEEE Syst. J. 12(2), 1767–1777 (2018). https://doi.org/10.1109/JSYST.2017.2667679
Chow, S.S.M.: A framework of multi-authority attribute-based encryption with outsourcing and revocation. In: Proc. 21st ACM Symp. Access Control Models Technol., pp. 215–226 (2016). https://doi.org/10.1145/2914642.2914659
Li, M., Yu, S., Zheng, Y., Ren, K., Lou, W.: Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE Trans. Parallel Distrib. Syst. 24(1), 131–143 (2013). https://doi.org/10.1109/TPDS.2012.97
Liang, X., Li, X., Lu, R., Lin, X., Shen, X.: An efficient and secure user revocation scheme in mobile social networks. In: Proc. IEEE GLOBECOM 2011, pp. 1–5 (2011). https://doi.org/10.1109/GLOCOM.2011.6134273
Sahai, A., Seyalioglu, H., Waters, B.: Dynamic credentials and ciphertext delegation for attribute-based encryption. In: Advances in Cryptology, pp. 199-217. Springer-Verlag, Berlin (2012)
Florence, M.L., Suresh, D.: Enhanced secure sharing of PHR’s in cloud using user usage based attribute based encryption and signature with keyword search. Cluster Comput. 22, 13119–13130 (2019). https://doi.org/10.1007/s10586-017-1276-7
Liu, Z., Duan, S., Zhou, P., Wang, B.: Traceable-then-revocable ciphertext-policy attribute-based encryption scheme. In: Future Generation Computer Systems, vol. 93, pp. 903–913 (2019) ISSN 0167-739X. https://doi.org/10.1016/j.future.2017.09.045
Ning, J., Cao, Z., Dong, X., Liang, K., Ma, H., Wei, L.: Auditable -time outsourced attribute-based encryption for access control in cloud computing. IEEE Trans. Inf. Forens. Secur. 13(1), 94–105 (2018). https://doi.org/10.1109/TIFS.2017.2738601
Li, J., Wang, Y., Zhang, Y., Han, J.: Full verifiability for outsourced decryption in attribute based encryption. In: IEEE Transactions on Services Computing, vol. 13, no. 3, pp. 478-487 (2020). https://doi.org/10.1109/TSC.2017.2710190
Chow, S.S.M.: A framework of multi-authority attribute-based encryption with outsourcing and revocation. In: Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies (SACMAT’16). ACM, New York, pp. 215–226 (2016). https://doi.org/10.1145/2914642.2914659
Li, J., Sha, F., Zhang, Y., Huang, X., Shen, J.: Verifiable outsourced decryption of attribute-based encryption with constant ciphertext length. Secur. Commun. Netw. (2017). https://doi.org/10.1155/2017/3596205
Jiang, Z.L., Zhang, R., Liu, Z., Yiu, S., Hui, L.C., Wang, X., Fang, J.: A revocable outsourcing attribute-based encryption scheme. In: Proc. CloudComp 2016, Guangzhou, China, November 25–26, pp. 145–161. Springer-Verlag, Cham (2016)
Tu, Y., Yang, G., Wang, J., et al.: A secure, efficient and verifiable multimedia data sharing scheme in fog networking system. Cluster Comput. (2020). https://doi.org/10.1007/s10586-020-03101-6
Beimel, A.: Secure schemes for secret sharing and key distribution. Ph.D. dissertation, Faculty Comput. Sci., Technion-Israel Inst. Technol., Haifa, Israel (1996)
Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: PKC (2011). https://doi.org/10.1007/978-3-642-19379-8_4
Boldyreva, A., Goyal, V., Kumar, V.: Identity-based encryption with efficient revocation. In: Proc. 15th ACM Conf. Comput. Commun. Security, pp. 417–426 (2008). https://doi.org/10.1145/1455770.1455823
Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. J. Cryptol. 20(3), 265–294 (2007). https://doi.org/10.1007/3-540-39200-9_16
Boneh, D., Boyen, X.: Short signatures without random oracles and the SDH assumption in bilinear groups. J. Crypt. (2008). https://doi.org/10.1007/s00145-007-9005-7
Chen, J., Ma, H.: Efficient decentralized attribute-based access control for cloud storage with user revocation. In: 2014 IEEE International Conference on Communications (ICC), Sydney, NSW, pp. 3782–3787 (2014). https://doi.org/10.1109/ICC.2014.6883910
Li, Q., Zhu, H., Ying, Z., Zhang, T.: Traceable ciphertext-policy attribute-based encryption with verifiable outsourced decryption in eHealth cloud. Wirel. Commun. Mobile Comput. (2018). https://doi.org/10.1155/2018/1701675
Akinyele, J.A., Garman, C., Miers, I., Pagano, M.W., Rushanan, M., Green, M., Rubin, A.D.: Charm: a framework for rapidly prototyping cryptosystems. J. Cryptogr. Eng. (2013). https://doi.org/10.1007/s13389-013-0057-3
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflicts of interest
The authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Sethi, K., Pradhan, A. & Bera, P. PMTER-ABE: a practical multi-authority CP-ABE with traceability, revocation and outsourcing decryption for secure access control in cloud systems. Cluster Comput 24, 1525–1550 (2021). https://doi.org/10.1007/s10586-020-03202-2
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10586-020-03202-2