Skip to main content
SpringerLink
Log in

Ciphertext-policy attribute-based encryption supporting access policy update and its extension with preserved attributes

  • Special Issue Paper
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Attribute-based encryption (ABE) allows one-to-many encryption with static access control. In many occasions, the access control policy must be updated, but the original encryptor might be unavailable to re-encrypt the message, which makes it impractical. Unfortunately, to date the work in ABE does not consider this issue yet, and hence this hinders the adoption of ABE in practice. In this work, we consider how to update access policies in ciphertext-policy attribute-based encryption (CP-ABE) systems efficiently without encrypting each ciphertext with new access policies. We introduce a new notion of CP-ABE supporting access policy update that captures the functionalities of attribute addition and revocation to access policies. We formalize the security requirements for this notion and subsequently construct two provably secure CP-ABE schemes supporting AND-gate access policy with constant-size ciphertext for user decryption. The security of our schemes are proved under the augmented multi-sequences of exponents decisional Diffie–Hellman assumption. We also present a different construction in which certain attributes in an access policy can be preserved by the original encryptor, while other attributes can be revoked efficiently so that the ability of attribute revocation can be appropriately restrained.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1

Similar content being viewed by others

References

  1. Attrapadung, N., Herranz, J., Laguillaumie, F., Libert, B., De Panafieu, E., Ràfols, C.: Attribute-based encryption schemes with constant-size ciphertexts. Theor. Comput. Sci. 422, 15–38 (2012)

    Article  MathSciNet  MATH  Google Scholar 

  2. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy, SP’07, pp. 321–334. IEEE (2007)

  3. Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Nyberg, K. (ed.) Advances in Cryptology EUROCRYPT’98, pp. 127–144. Springer (1998)

  4. Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) Advances in Cryptology—EUROCRYPT 2005, pp. 440–456. Springer (2005)

  5. Boneh, D., Franklin, M.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) Advances in Cryptology CRYPTO 2001, pp. 213–229. Springer (2001)

  6. Cheung, L., Newport, C.: Provably secure ciphertext policy abe. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 456–465. ACM (2007)

  7. Delerablée, C., Pointcheval, D.: Dynamic threshold public-key encryption. In: Wagner, D. (ed.) Advances in Cryptology–CRYPTO 2008, pp. 317–334. Springer (2008)

  8. Goyal, V., Jain, A., Pandey, O., Sahai, A.: Bounded ciphertext policy attribute based encryption. In: Meduna, A. (ed.) Automata, Languages and Programming, pp. 579–591. Springer (2008)

  9. Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 89–98. ACM (2006)

  10. Herranz, J., Laguillaumie, F., Ràfols, C.: Constant size ciphertexts in threshold attribute-based encryption. In: Nguyen, P.Q., Pointcheval, D. (eds.) Public Key Cryptography—PKC 2010, pp. 19–34. Springer (2010)

  11. Ibraimi, L., Petkovic, M., Nikova, S., Hartel, P., Jonker, W.: Ciphertext-policy attribute-based threshold decryption with flexible delegation and revocation of user attributes (extended version). Technical report, Centre for Telematics and Information Technology, University of Twente (2009)

  12. Jiang, Y., Susilo, W., Mu, Y., Guo, F.: Ciphertext-Policy Attribute Based Encryption Supporting Access Policy Update. Springer International Publishing, Cham (2016)

    Book  MATH  Google Scholar 

  13. Lewko, A., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert, H. (ed.) Advances in Cryptology—EUROCRYPT 2010, pp. 62–91. Springer (2010)

  14. Lewko, A., Waters, B.: New proof methods for attribute-based encryption: achieving full security through selective techniques. In: Safavi-Naini, R., Canetti, R. (eds.) Advances in Cryptology—CRYPTO 2012, pp. 180–198. Springer (2012)

  15. Li, J., Ren, K., Zhu, B., Wan, Z.: Privacy-aware attribute-based encryption with user accountability. In: Samarati, P., Young, M., Martinelli, F., Ardagna, C.A. (eds.) Information Security. ISC 2009. Lecture Notes in Computer Science, vol 5735, pp. 347–362. Springer, Berlin (2009)

  16. Li, J., Yao, W., Han, J., Zhang, Y., Shen, J.: User collusion avoidance cp-abe with efficient attribute revocation for cloud storage. IEEE Syst. J. pp(17), (2017). http://ieeexplore.ieee.org/document/7867082/

  17. Li, J., Yao, W., Zhang, Y., Qian, H., Han, J.: Flexible and fine-grained attribute-based data storage in cloud computing. IEEE Trans. Serv. Comput. pp, (2016). http://ieeexplore.ieee.org/document/7390098/

  18. Liang, K., Au, M.H., Liu, J.K., Susilo, W., Wong, D.S., Yang, G., Yu, Y., Yang, A.: A secure and efficient ciphertext-policy attribute-based proxy re-encryption for cloud data sharing. Future Gener. Comput. Syst. 52, 95–108 (2015)

    Article  Google Scholar 

  19. Liang, K., Au, M.H., Susilo, W., Wong, D.S., Yang, G., Yu, Y.: An adaptively cca-secure ciphertext-policy attribute-based proxy re-encryption for cloud data sharing. In: Information Security Practice and Experience, pp. 448–461. Springer (2014)

  20. Liang, K., Fang, L., Susilo, W., Wong, D.: A ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security. In: 5th International Conference on Intelligent Networking and Collaborative Systems (INCoS), pp. 552–559. IEEE (2013)

  21. Liang, X., Cao, Z., Lin, H., Shao, J.: Attribute based proxy re-encryption with delegating capabilities. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 276–286. ACM (2009)

  22. Luo, S., Hu, J., Chen, Z.: Ciphertext policy attribute-based proxy re-encryption. In: Soriano, M., Qing, S., López, J. (eds.) Information and Communications Security, pp. 401–415. Springer (2010)

  23. Naor, M.: On cryptographic assumptions and challenges. In: Boneh, D. (ed.) Advances in Cryptology—CRYPTO 2003, pp. 96–109. Springer (2003)

  24. Nishide, T., Yoneyama, K., Ohta, K.: Attribute-based encryption with partially hidden encryptor-specified access structures. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) Applied Cryptography and Network Security, pp. 111–129. Springer (2008)

  25. Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 195–203. ACM (2007)

  26. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed) Advances in Cryptology—EUROCRYPT, pp. 457–473. Springer (2005)

  27. Seo, H.-J., Kim, H.-W.: Attribute-based proxy re-encryption with a constant number of pairing operations. J. Inform. Commun. Converg. Eng. 10(1), 53–60 (2012)

    Google Scholar 

  28. Susilo, W., Chen, R., Guo, F., Yang, G., Mu, Y., Chow, Y.-W.: Recipient revocable identity-based broadcast encryption. In: Chen, X. (ed.) ASIACCS (2016)

  29. Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano, D. (ed.) Public Key Cryptography—PKC 2011, pp. 53–70. Springer (2011)

  30. Waters, B.: Functional encryption for regular languages. In: Safavi-Naini, R., Canetti, R. (eds.) Advances in Cryptology—CRYPTO 2012, pp. 218–235. Springer (2012)

  31. Zhang, Y., Chen, X., Li, J., Wong, D.S., Li, H.: Anonymous attribute-based encryption supporting efficient decryption test. In Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 511–516. ACM (2013)

Download references

Acknowledgements

This work is partially supported by ARC Project (DP130101383).

Author information

Authors and Affiliations

  1. Institute of Cybersecurity and Cryptology, School of Computing and Information Technology, University of Wollongong, Wollongong, Australia

    Yinhao Jiang, Willy Susilo, Yi Mu & Fuchun Guo

Authors
  1. Yinhao Jiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Willy Susilo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yi Mu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Fuchun Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yinhao Jiang.

Additional information

A preliminary version of this paper is published in the proceedings of the 10th International Conference, ProvSec 2016 [12]. This is the full version.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Jiang, Y., Susilo, W., Mu, Y. et al. Ciphertext-policy attribute-based encryption supporting access policy update and its extension with preserved attributes. Int. J. Inf. Secur. 17, 533–548 (2018). https://doi.org/10.1007/s10207-017-0388-7

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-017-0388-7

Keywords

Search

Navigation