Abstract
Attribute-based encryption (ABE) is a promising approach that enables fine-grained access control for encrypted data in cloud storage. However, designing a flexible and effective revocation mechanism has always been a tricky problem for ABE, especially in situations where revocation occurs frequently. In this work, we propose a practical attribute-based access control scheme by introducing ciphertext-policy attribute-based encryption (CP-ABE) that allows the trusted authority (TA) to efficiently manage the credentials of data users. The problem of revocation is solved efficiently by exploiting a user binary tree. To achieve flexible revocation, our scheme supports both attribute revocation and user revocation to accommodate different revocation needs. A non-revoked user can still decrypt the ciphertext as long as his/her remaining attributes satisfy the access policy associated with the ciphertext. Moreover, verifiable ciphertext delegation is presented to reduce the heavy computation cost brought by frequent revocation. The merits of the proposed scheme are shown by comparing its performance and security with related works.

Acknowledgements
This work was supported in part by the National Key R&D Program of China (No. 2018YFB1003205) and the National Natural Science Foundation of China (No. 61972143).
Rights and permissions
Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
Cite this article
Deng, S., Yang, G., Dong, W. et al. Flexible revocation in ciphertext-policy attribute-based encryption with verifiable ciphertext delegation. Multimed Tools Appl 82, 22251–22274 (2023). https://doi.org/10.1007/s11042-022-13537-0
DOI: https://doi.org/10.1007/s11042-022-13537-0