Generic user revocation systems for attribute-based encryption in cloud storage

  • Genlang Chen
  • Zhiqian Xu
  • Hai Jiang
  • Kuan-ching Li


Cloud-based storage is a service model for businesses and individual users that involves paid or free storage resources. This service model enables on-demand storage capacity and management to users anywhere via the Internet. Because most cloud storage is provided by third-party service providers, the trust required for the cloud storage providers and the shared multi-tenant environment present special challenges for data protection and access control. Attribute-based encryption (ABE) not only protects data secrecy, but also has ciphertexts or decryption keys associated with fine-grained access policies that are automatically enforced during the decryption process. This enforcement puts data access under control at each data item level. However, ABE schemes have practical limitations on dynamic user revocation. In this paper, we propose two generic user revocation systems for ABE with user privacy protection, user revocation via ciphertext re-encryption (UR-CRE) and user revocation via cloud storage providers (UR-CSP), which work with any type of ABE scheme to dynamically revoke users.

Key words

Attribute-based encryption; Generic user revocation; User privacy; Cloud storage; Access control

CLC number






Copyright information

© Editorial Office of Journal of Zhejiang University Science and Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  • Genlang Chen (1)
  • Zhiqian Xu (2)
  • Hai Jiang (3)
  • Kuan-ching Li (4)

  1. Institute of Ningbo Technology, Zhejiang University, Ningbo, China
  2. New York, USA
  3. Department of Computer Science, Arkansas State University, Jonesboro, USA
  4. Department of Computer Science and Information Engineering, Providence University, Taiwan, China
