Skip to main content
SpringerLink
Log in

Decentralized, Revocable and Verifiable Attribute-Based Encryption in Hybrid Cloud System

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Cloud can provide storage space and services for data owners to host their data, where data privacy and confidentiality become critical issues. Ciphertext policy attribute-based encryption (CP-ABE) is one of the most suitable methods to protect data privacy and provide structured access control. In this paper, we propose a multi-authority CP-ABE scheme with a direct attribute revocation mechanism, cause revocation is an inevitable problem in the application process. Under our proposed revocation mechanism, the remaining users need not to update their secret keys when revocation happens. It relies on the matching of public keys’ version and ciphertext’ version. In a cloud storage model, the update of ciphertext is executed by public cloud, which cannot be fully trusted by data owners. In this case, we propose a hybrid CP-ABE cloud storage model aiming at solving the public cloud trust management problem. The data owners can authorize private cloud to verify whether their ciphertexts have been updated to the newest version. In addition, we prove our construction secure in selective-CPA model. Finally, we compare our scheme with similar multi-authority CP-ABE schemes from functionality, communication overhead and computation cost. The simulation results show that our scheme is more efficient than similar works in encryption, decryption and revocation stages.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Lee, C.-C., Chung, P.-S., & Hwang, M.-S. (2013). A survey on attribute-based encryption schemes of access control in cloud environments. IJ Network Security, 15(4), 231–240.

    Google Scholar 

  2. Yang, K., Jia, X., Ren, K., Zhang, B., & Xie, R. (2013). Dac-macs: Effective data access control for multiauthority cloud storage systems. IEEE Transactions on Information Forensics and Security, 8(11), 1790–1801.

    Article  Google Scholar 

  3. Bethencourt, J., Sahai, A., & Waters, B. (2007). Ciphertext-policy attribute-based encryption. In 2007 IEEE symposium on security and privacy (SP ’07), pp. 321–334.

  4. Attrapadung, N., & Imai, H. (2009). Attribute-based encryption supporting direct/indirect revocation modes. In IMA international conference on cryptography and coding, Springer, pp. 278–300.

  5. Yang, K., Jia, X., et al. (2013). An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE Transactions on Parallel and Distributed Systems, 24(9), 1717–1726.

    Article  Google Scholar 

  6. Li, J., Yao, W., Zhang, Y., Qian, H., & Han, J. (2017). Flexible and fine-grained attribute-based data storage in cloud computing. IEEE Transactions on Services Computing, 10(5), 785–796.

    Article  Google Scholar 

  7. Attrapadung, N., & Imai, H. (2009). Conjunctive broadcast and attribute-based encryption. In International conference on pairing-based cryptography, Springer, pp. 248–265.

  8. Hur, J., & Noh, D. K. (2011). Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Transactions on Parallel and Distributed Systems, 22(7), 1214–1221.

    Article  Google Scholar 

  9. Li, X., Tang, S., Lingling, X., Wang, H., & Chen, J. (2017). Two-factor data access control with efficient revocation for multi-authority cloud storage systems. IEEE Access, 5, 393–405.

    Article  Google Scholar 

  10. Fan, C.-I., Huang, V. S.-M., & Ruan, H.-M. (2014). Arbitrary-state attribute-based encryption with dynamic membership. IEEE Transactions on Computers, 63(8), 1951–1961.

    Article  MathSciNet  MATH  Google Scholar 

  11. Yang, Y., Liu, J. K., Liang, K., Kim-Kwang, R. C., & Zhou, J. (2015). Extended proxy-assisted approach: Achieving revocable fine-grained encryption of cloud data. In European symposium on research in computer security, Springer, pp. 146–166.

  12. Yang, K., & Jia, X. (2014). Expressive, efficient, and revocable data access control for multi-authority cloud storage. IEEE Transactions on Parallel and Distributed Systems, 25(7), 1735–1744.

    Article  Google Scholar 

  13. Lai, J., Deng, R. H., Guan, C., & Weng, J. (2013). Attribute-based encryption with verifiable outsourced decryption. IEEE Transactions on Information Forensics and Security, 8(8), 1343–1354.

    Article  Google Scholar 

  14. Li, J., Wang, Y., Zhang, Y., & Han, J. (2017). Full verifiability for outsourced decryption in attribute based encryption. In IEEE transactions on services computing.

  15. Ma, H., Zhang, R., Wan, Z., Yao, L., & Lin, S. (2015). Verifiable and exculpable outsourced attribute-based encryption for access control in cloud computing. In IEEE transactions on dependable and secure computing.

  16. Wang, H., He, D., & Han, J. (2017). Vod-adac: Anonymous distributed fine-grained access control protocol with verifiable outsourced decryption in public cloud. In IEEE transactions on services computing.

  17. Chow, S. S. M. (2016). A framework of multi-authority attribute-based encryption with outsourcing and revocation. In Proceedings of the 21st ACM on symposium on access control models and technologies, ACM, pp. 215–226.

  18. De Sourya, J., & Ruj, S. (2017). Efficient decentralized attribute based access control for mobile clouds. In IEEE transactions on cloud computing.

  19. Wang, C., Chow, S. S. M., Wang, Q., Ren, K., & Lou, W. (2013). Privacy-preserving public auditing for secure cloud storage. IEEE Transactions on Computers, 62(2), 362–375.

    Article  MathSciNet  MATH  Google Scholar 

  20. Yu, Y., Au, M. H., Ateniese, G., Huang, X., Susilo, W., Dai, Y., et al. (2017). Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage. IEEE Transactions on Information Forensics and Security, 12(4), 767–778.

    Article  Google Scholar 

  21. Waters, B. (2011) Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization. In International workshop on public key cryptography, Springer, pp. 53–70.

  22. Lewko, A., & Waters, B. (2011). Decentralizing attribute-based encryption. In Annual international conference on the theory and applications of cryptographic techniques, Springer, pp. 568–588.

  23. Chase, M. (2007). Multi-authority attribute based encryption. In Theory of cryptography conference, Springer, pp. 515–534.

Download references

Acknowledgements

We are grateful to the authors of the bibliography for their work. This paper is partially supported by National Natural Science Foundation of China (Grant Nos. 61502044).

Author information

Authors and Affiliations

  1. Beijing University of Posts and Telecommunications, Beijing, China

    Ping Yu, Qiaoyan Wen, Wei Ni, Wenmin Li, Caijun Sun, Hua Zhang & Zhengping Jin

  2. University of Technology Sydney, Sydney, Australia

    Ping Yu

Authors
  1. Ping Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Qiaoyan Wen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wei Ni
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Wenmin Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Caijun Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Hua Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Zhengping Jin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Wenmin Li.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Yu, P., Wen, Q., Ni, W. et al. Decentralized, Revocable and Verifiable Attribute-Based Encryption in Hybrid Cloud System. Wireless Pers Commun 106, 719–738 (2019). https://doi.org/10.1007/s11277-019-06187-3

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-019-06187-3

Keywords

Search

Navigation