Abstract
With the rapid deployment of storage services, secure and efficient user authorization and revocation data shared through the cloud have become a grand challenge hindering cloud data applications. When previous direct and indirect user revocation schemes implemented large-scale user revocation, they faced heavy communication and computational costs. To address these challenges, this study presents a new encryption scheme that combines ciphertext-policy attribute-based encryption (CP-ABE) with puncturable encryption to achieve efficient and flexible user revocation. We design a proxy server to reduce the computational overhead in the decryption phase. Because the puncture process is performed on a semi-honest cloud, we use the digital signature method to verify the correctness of its operation. Furthermore, we prove the security of our scheme under the chosen-plaintext attack (CPA), and compare it with other schemes to highlight its advantages. Numerical analysis and experimental simulation results reveal that our scheme is more suitable than other schemes for use in a cloud environment for user revocation.
Similar content being viewed by others
References
Feng X Q, Ma J F, Liu S B, et al. Auto-scalable and fault-tolerant load balancing mechanism for cloud computing based on the proof-of-work election. Sci China Inf Sci, 2022, 65: 112102
Wang C Y, Wang D, Xu G A, et al. Efficient privacy-preserving user authentication scheme with forward secrecy for industry 4.0. Sci China Inf Sci, 2022, 65: 112301
Helil N, Rahman K. CP-ABE access control scheme for sensitive data set constraint with hidden access policy and constraint policy. Secur Commun Netw, 2017, 2017: 1–13
Liu Q, Wang G, Wu J. Time-based proxy re-encryption scheme for secure data sharing in a cloud environment. Inf Sci, 2014, 258: 355–370
Cui J, Li B, Zhong H, et al. A practical and efficient bidirectional access control scheme for cloud-edge data sharing. IEEE Trans Parallel Distrib Syst, 2021, 33: 476–488
Li X P, Pan D Y, Wang Y D, et al. Scheduling multi-tenant cloud workflow tasks with resource reliability. Sci China Inf Sci, 2022, 65: 192106
Zhao Y, Xu K, Li Q, et al. Intelligent networking in adversarial environment: challenges and opportunities. Sci China Inf Sci, 2022, 65: 170301
Han D, Pan N, Li K C. A traceable and revocable ciphertext-policy attribute-based encryption scheme based on privacy protection. IEEE Trans Dependable Secure Comput, 2022, 19: 316–327
Bethencourt J, Sahai A, Waters B. Ciphertext-policy attribute-based encryption. In: Proceedings of 2007 IEEE Symposium on Security and Privacy, 2007. 321–334
Hoang V H, Lehtihet E, Ghamri-Doudane Y. Forward-secure data outsourcing based on revocable attribute-based encryption. In: Proceedings of the 15th International Wireless Communications & Mobile Computing Conference, 2019. 1839–1846
Junod P, Karlov A. An efficient public-key attribute-based broadcast encryption scheme allowing arbitrary access policies. In: Proceedings of the 10th Annual ACM Workshop on Digital Rights Management, 2010. 13–24
Zhou Z, Huang D, Wang Z. Efficient privacy-preserving ciphertext-policy attribute based-encryption and broadcast encryption. IEEE Trans Comput, 2013, 64: 126–138
Hur J, Noh D K. Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans Parallel Distrib Syst, 2010, 22: 1214–1221
Cui H, Deng R H, Ding X, et al. Attribute-based encryption with granular revocation. In: Proceedings of International Conference on Security and Privacy in Communication Systems. Cham: Springer, 2016. 165–181
Wei J, Chen X, Huang X, et al. RS-HABE: revocable-storage and hierarchical attribute-based access scheme for secure sharing of e-health records in public cloud. IEEE Trans Dependable Secure Comput, 2019,: 1
Hao J, Tang W, Huang C, et al. Secure data sharing with flexible user access privilege update in cloud-assisted IoMT. IEEE Trans Emerg Top Comput, 2022, 10: 933–947
Boneh D, Gentry C, Waters B. Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Proceedings of Annual International Cryptology Conference. Berlin: Springer, 2005. 258–275
Lewko A, Sahai A, Waters B. Revocation systems with very small private keys. In: Proceedings of 2010 IEEE Symposium on Security and Privacy, 2010. 273–285
Naor M, Pinkas B. Efficient trace and revoke schemes. In: Proceedings of International Conference on Financial Cryptography. Berlin: Springer, 2000. 1–20
Hao J, Liu J, Wu W, et al. Secure and fine-grained self-controlled outsourced data deletion in cloud-based IoT. IEEE Internet Things J, 2019, 7: 1140–1153
Sahai A, Waters B. Fuzzy identity-based encryption. In: Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques, Berlin: Springer, 2005. 457–473
Goyal V, Pandey O, Sahai A, et al. Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, 2006. 89–98
Guan Z T, Yang W T, Zhu L H, et al. Achieving adaptively secure data access control with privacy protection for lightweight IoT devices. Sci China Inf Sci, 2021, 64: 162301
Li Z P, Sharma V, Ma C G, et al. Ciphertext-policy attribute-based proxy re-encryption via constrained PRFs. Sci China Inf Sci, 2021, 64: 169301
Green M, Hohenberger S, Waters B. Outsourcing the decryption of ABE ciphertexts. In: Proceedings of the 20th USENIX Security Symposium, 2011. 523–538
Lai J Z, Deng R H, Guan C, et al. Attribute-based encryption with verifiable outsourced decryption. IEEE Trans Inform Forensic Secur, 2013, 8: 1343–1354
Qin B D, Deng R H, Liu S L, et al. Attribute-based encryption with efficient verifiable outsourced decryption. IEEE Trans Inform Forensic Secur, 2015, 10: 1384–1393
Lin S, Zhang R, Ma H, et al. Revisiting attribute-based encryption with verifiable outsourced decryption. IEEE Trans Inform Forensic Secur, 2015, 10: 2119–2130
Hohenberger S, Waters B. Online/offline attribute-based encryption. In: Proceedings of International Workshop on Public Key Cryptography, 2014. 293–310
Ostrovsky R, Sahai A, Waters B. Attribute-based encryption with non-monotonic access structures. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, 2007. 195–203
Zhang P, Chen Z, Liang K, et al. A cloud-based access control scheme with user revocation and attribute update. In: Proceedings of Australasian Conference on Information Security and Privacy. Cham: Springer, 2016. 525–540
Edemacu K, Jang B, Kim J W. Collaborative ehealth privacy and security: an access control with attribute revocation based on OBDD access structure. IEEE J Biomed Health Inform, 2020, 24: 2960–2972
Tu S, Waqas M, Huang F, et al. A revocable and outsourced multi-authority attribute-based encryption scheme in fog computing. Comput Networks, 2021, 195: 108196
Zhang R, Li J, Lu Y, et al. Key escrow-free attribute based encryption with user revocation. Inf Sci, 2022, 600: 59–72
Wang J, Yin X, Ning J, et al. Attribute-based encryption with efficient keyword search and user revocation. In: Proceedings of International Conference on Information Security and Cryptology. Cham: Springer, 2018. 490–509
Green M D, Miers I. Forward secure asynchronous messaging from puncturable encryption. In: Proceedings of 2015 IEEE Symposium on Security and Privacy, 2015. 305–320
Phuong T V X, Ning R, Xin C, et al. Puncturable attribute-based encryption for secure data delivery in Internet of Things. In: Proceedings of IEEE Conference on Computer Communications, 2018. 1511–1519
Sun S F, Yuan X, Liu J K, et al. Practical backward-secure searchable encryption from symmetric puncturable encryption. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, 2018. 763–780
Wei J, Chen X, Wang J, et al. Forward-secure puncturable identity-based encryption for securing cloud emails. In: Proceedings of European Symposium on Research in Computer Security, 2019. 134–150
Sun S F, Sakzad A, Steinfeld R, et al. Public-key puncturable encryption: modular and compact constructions. In: Proceedings of IACR International Conference on Public-Key Cryptography. Cham: Springer, 2020. 309–338
Xiong H, Wang L, Zhou Z, et al. Burn after reading: adaptively secure puncturable identity-based proxy re-encryption scheme for securing group message. IEEE Internet Things J, 2022, 9: 11248–11260
Dutta P, Jiang M, Duong D H, et al. Hierarchical identity-based puncturable encryption from lattices with application to forward security. In: Proceedings of the ACM on Asia Conference on Computer and Communications Security, 2022. 408–422
Acknowledgements
This work was supported by National Key Research and Development Program of China (Grant No. 2021YFB3101100), National Natural Science Foundation of China (Grant Nos. 61902290, 62072352), Key Research and Development Program of Shaanxi (Grant Nos. 2020ZDLGY09-06, 2019ZDLGY12-04), and Guangxi Key Laboratory of Trusted Software (Grant No. kx202004).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Ghopur, D., Ma, J., Ma, X. et al. Puncturable ciphertext-policy attribute-based encryption scheme for efficient and flexible user revocation. Sci. China Inf. Sci. 66, 172104 (2023). https://doi.org/10.1007/s11432-022-3585-9
Received:
Revised:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11432-022-3585-9