Advertisement

International Journal of Information Security

, Volume 17, Issue 5, pp 533–548 | Cite as

Ciphertext-policy attribute-based encryption supporting access policy update and its extension with preserved attributes

  • Yinhao JiangEmail author
  • Willy Susilo
  • Yi Mu
  • Fuchun Guo
Special Issue Paper

Abstract

Attribute-based encryption (ABE) allows one-to-many encryption with static access control. In many occasions, the access control policy must be updated, but the original encryptor might be unavailable to re-encrypt the message, which makes it impractical. Unfortunately, to date the work in ABE does not consider this issue yet, and hence this hinders the adoption of ABE in practice. In this work, we consider how to update access policies in ciphertext-policy attribute-based encryption (CP-ABE) systems efficiently without encrypting each ciphertext with new access policies. We introduce a new notion of CP-ABE supporting access policy update that captures the functionalities of attribute addition and revocation to access policies. We formalize the security requirements for this notion and subsequently construct two provably secure CP-ABE schemes supporting AND-gate access policy with constant-size ciphertext for user decryption. The security of our schemes are proved under the augmented multi-sequences of exponents decisional Diffie–Hellman assumption. We also present a different construction in which certain attributes in an access policy can be preserved by the original encryptor, while other attributes can be revoked efficiently so that the ability of attribute revocation can be appropriately restrained.

Keywords

Attribute-based encryption Access policy update Ciphertext-policy 

Notes

Acknowledgements

This work is partially supported by ARC Project (DP130101383).

References

  1. 1.
    Attrapadung, N., Herranz, J., Laguillaumie, F., Libert, B., De Panafieu, E., Ràfols, C.: Attribute-based encryption schemes with constant-size ciphertexts. Theor. Comput. Sci. 422, 15–38 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, SP’07, pp. 321–334. IEEE (2007)Google Scholar
  3. 3.
    Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Nyberg, K. (ed.) Advances in Cryptology EUROCRYPT’98, pp. 127–144. Springer (1998)Google Scholar
  4. 4.
    Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) Advances in Cryptology—EUROCRYPT 2005, pp. 440–456. Springer (2005)Google Scholar
  5. 5.
    Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) Advances in Cryptology CRYPTO 2001, pp. 213–229. Springer (2001)Google Scholar
  6. 6.
    Cheung, L., Newport, C.: Provably secure ciphertext policy abe. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 456–465. ACM (2007)Google Scholar
  7. 7.
    Delerablée, C., Pointcheval, D.: Dynamic threshold public-key encryption. In: Wagner, D. (ed.) Advances in Cryptology–CRYPTO 2008, pp. 317–334. Springer (2008)Google Scholar
  8. 8.
    Goyal, V., Jain, A., Pandey, O., Sahai, A.: Bounded ciphertext policy attribute based encryption. In: Meduna, A. (ed.) Automata, Languages and Programming, pp. 579–591. Springer (2008)Google Scholar
  9. 9.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 89–98. ACM (2006)Google Scholar
  10. 10.
    Herranz, J., Laguillaumie, F., Ràfols, C.: Constant size ciphertexts in threshold attribute-based encryption. In: Nguyen, P.Q., Pointcheval, D. (eds.) Public Key Cryptography—PKC 2010, pp. 19–34. Springer (2010)Google Scholar
  11. 11.
    Ibraimi, L., Petkovic, M., Nikova, S., Hartel, P., Jonker, W.: Ciphertext-policy attribute-based threshold decryption with flexible delegation and revocation of user attributes (extended version). Technical report, Centre for Telematics and Information Technology, University of Twente (2009)Google Scholar
  12. 12.
    Jiang, Y., Susilo, W., Mu, Y., Guo, F.: Ciphertext-Policy Attribute Based Encryption Supporting Access Policy Update. Springer International Publishing, Cham (2016)CrossRefzbMATHGoogle Scholar
  13. 13.
    Lewko, A., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert, H. (ed.) Advances in Cryptology—EUROCRYPT 2010, pp. 62–91. Springer (2010)Google Scholar
  14. 14.
    Lewko, A., Waters, B.: New proof methods for attribute-based encryption: achieving full security through selective techniques. In: Safavi-Naini, R., Canetti, R. (eds.) Advances in Cryptology—CRYPTO 2012, pp. 180–198. Springer (2012)Google Scholar
  15. 15.
    Li, J., Ren, K., Zhu, B., Wan, Z.: Privacy-aware attribute-based encryption with user accountability. In: Samarati, P., Young, M., Martinelli, F., Ardagna, C.A. (eds.) Information Security. ISC 2009. Lecture Notes in Computer Science, vol 5735, pp. 347–362. Springer, Berlin (2009)Google Scholar
  16. 16.
    Li, J., Yao, W., Han, J., Zhang, Y., Shen, J.: User collusion avoidance cp-abe with efficient attribute revocation for cloud storage. IEEE Syst. J. pp(17), (2017). http://ieeexplore.ieee.org/document/7867082/
  17. 17.
    Li, J., Yao, W., Zhang, Y., Qian, H., Han, J.: Flexible and fine-grained attribute-based data storage in cloud computing. IEEE Trans. Serv. Comput. pp, (2016). http://ieeexplore.ieee.org/document/7390098/
  18. 18.
    Liang, K., Au, M.H., Liu, J.K., Susilo, W., Wong, D.S., Yang, G., Yu, Y., Yang, A.: A secure and efficient ciphertext-policy attribute-based proxy re-encryption for cloud data sharing. Future Gener. Comput. Syst. 52, 95–108 (2015)CrossRefGoogle Scholar
  19. 19.
    Liang, K., Au, M.H., Susilo, W., Wong, D.S., Yang, G., Yu, Y.: An adaptively cca-secure ciphertext-policy attribute-based proxy re-encryption for cloud data sharing. In: Information Security Practice and Experience, pp. 448–461. Springer (2014)Google Scholar
  20. 20.
    Liang, K., Fang, L., Susilo, W., Wong, D.: A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security. In: 5th International Conference on Intelligent Networking and Collaborative Systems (INCoS), pp. 552–559. IEEE (2013)Google Scholar
  21. 21.
    Liang, X., Cao, Z., Lin, H., Shao, J.: Attribute based proxy re-encryption with delegating capabilities. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 276–286. ACM (2009)Google Scholar
  22. 22.
    Luo, S., Hu, J., Chen, Z.: Ciphertext policy attribute-based proxy re-encryption. In: Soriano, M., Qing, S., López, J. (eds.) Information and Communications Security, pp. 401–415. Springer (2010)Google Scholar
  23. 23.
    Naor, M.: On cryptographic assumptions and challenges. In: Boneh, D. (ed.) Advances in Cryptology—CRYPTO 2003, pp. 96–109. Springer (2003)Google Scholar
  24. 24.
    Nishide, T., Yoneyama, K., Ohta, K.: Attribute-based encryption with partially hidden encryptor-specified access structures. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) Applied Cryptography and Network Security, pp. 111–129. Springer (2008)Google Scholar
  25. 25.
    Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 195–203. ACM (2007)Google Scholar
  26. 26.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed) Advances in Cryptology—EUROCRYPT, pp. 457–473. Springer (2005)Google Scholar
  27. 27.
    Seo, H.-J., Kim, H.-W.: Attribute-based proxy re-encryption with a constant number of pairing operations. J. Inform. Commun. Converg. Eng. 10(1), 53–60 (2012)Google Scholar
  28. 28.
    Susilo, W., Chen, R., Guo, F., Yang, G., Mu, Y., Chow, Y.-W.: Recipient revocable identity-based broadcast encryption. In: Chen, X. (ed.) ASIACCS (2016)Google Scholar
  29. 29.
    Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano, D. (ed.) Public Key Cryptography—PKC 2011, pp. 53–70. Springer (2011)Google Scholar
  30. 30.
    Waters, B.: Functional encryption for regular languages. In: Safavi-Naini, R., Canetti, R. (eds.) Advances in Cryptology—CRYPTO 2012, pp. 218–235. Springer (2012)Google Scholar
  31. 31.
    Zhang, Y., Chen, X., Li, J., Wong, D.S., Li, H.: Anonymous attribute-based encryption supporting efficient decryption test. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 511–516. ACM (2013)Google Scholar

Copyright information

© Springer-Verlag GmbH Germany 2017

Authors and Affiliations

  1. 1.Institute of Cybersecurity and Cryptology, School of Computing and Information TechnologyUniversity of WollongongWollongongAustralia

Personalised recommendations