PMTER-ABE: a practical multi-authority CP-ABE with traceability, revocation and outsourcing decryption for secure access control in cloud systems

Cluster Computing

Abstract

Attribute-based encryption (ABE) has evolved as an efficient and secure method for storing data with fine-grained access control in cloud platforms. In recent years, increasing diversification in the design of ABE schemes has led to significant research on incorporating properties like traceability, revocation, and outsourcing decryption. However, most of the recent ABE schemes incorporate few of these properties and hence lack the robustness to adapt to the varying demands of cloud systems. In modern ABE designs, the notions of forward and backward secrecy have been introduced to accommodate the delegation of a large number of heterogeneous users in the system. In general, these features are realized under the concept of user revocation. On the other hand, to control malicious users in the system, it is necessary to implement traceability in integration with user revocation. Finally, for resource-constrained users, outsourcing decryption to proxy servers is a viable option. Thus, we propose PMTER-ABE, a practical decentralized multi-authority traceable and efficiently revocable attribute-based cryptosystem with the advantage of outsourced decryption. The key features of our cryptosystem are (i) incorporating a large attribute universe with highly expressive policies, (ii) integrating forward and backward secrecy under user revocation, (iii) implementing white-box traceability to detect malicious users, and (iv) outsourcing decryption to reduce the computational overhead of decryption on users. We present formal proofs of the correctness, security, and traceability of PMTER-ABE along with a performance analysis. The efficiency and usability of PMTER-ABE are shown with a practical implementation and experimental results.



Author information

Corresponding author

Correspondence to Kamalakanta Sethi.

Ethics declarations

Conflicts of interest

The authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.


About this article


Cite this article

Sethi, K., Pradhan, A. & Bera, P. PMTER-ABE: a practical multi-authority CP-ABE with traceability, revocation and outsourcing decryption for secure access control in cloud systems. Cluster Comput 24, 1525–1550 (2021). https://doi.org/10.1007/s10586-020-03202-2

  • DOI: https://doi.org/10.1007/s10586-020-03202-2
