Fully Secure Ciphertext-Policy Attribute Based Encryption with Security Mediator

  • Yuechen Chen
  • Zoe L. Jiang
  • S. M. Yiu
  • Joseph K. Liu
  • Man Ho Au
  • Xuan Wang
Conference paper
First Online:
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8958)

Abstract

Attribute-Based Encryption (ABE) offers fine-grained decryption policy such that users can do decryption if their attributes satisfy the policy. Such flexibility enables it applicable in various applications in government and business. However, there are two issues that should be solved first before it is deployed in practice, namely user revocation and decryption outsourcing. In this paper, we adopt the slightly modified Lewko et al.’s fully-CCA-secure Ciphertext-Policy-ABE (CP-ABE) combining with Boneh et al.’s idea of mediated cryptography to propose a CP-ABE with SEcurity Mediator (SEM) supporting immediate user revocation. At the same time, by the introduce of SEM, we intendedly outsource most of the computation workload in decryption to SEM side and leave only one exponentiation and one division at user side for decryption. It is proved fully-RCCA-CCA-secure in random oracle model.

Keywords

CP-ABE Decryption outsourcing Dual encryption system Security mediator User revocation 
This is a preview of subscription content, log in to check access.

Notes

Acknowledgments

The paper is funded by the National Natural Science Foundation of China under Grants 61402136 and 61240011, Shenzhen Development and Reform Commission [2012]720, Shenzhen Development and Reform Commission [2012]900, Shenzhen Basic Research JC201104210032A and JC201005260112A, and the Seed Funding Programme for Basic Research, HKU 201311159040.

References

  1. 1.
    Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  2. 2.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: 13th ACM Conference on Computer and Communications Security (CCS 2006), pp. 89–98 (2006)Google Scholar
  3. 3.
    Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 207–222. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  4. 4.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy (SP 2007), pp. 321–334 (2007)Google Scholar
  5. 5.
    Cheung, L., Newport, C.: Provably secure ciphertext policy ABE. In: 14th ACM conference on Computer and communications security (CCS 2007), pp. 456–465 (2007)Google Scholar
  6. 6.
    Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: 14th ACM Conference on Computer and Communications Security (CCS 2007), pp. 195–203 (2007)Google Scholar
  7. 7.
    Boldyreva, A., Goyal, V., Kumar, V.: Identity-based Encryption with Efficient Revocation. In: ACM conference on Computer and communications security (2008)Google Scholar
  8. 8.
    Attrapadung, N., Imai, H.: Attribute-based encryption supporting direct/indirect revocation modes. In: Parker, M.G. (ed.) Cryptography and Coding 2009. LNCS, vol. 5921, pp. 278–300. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  9. 9.
    Liang, X., Lu, R., Lin, X., Shen, X.: Ciphertext policy attribute-based encryption with efficient revocation. Technical report, University of Waterloo (2010)Google Scholar
  10. 10.
    Qian, J., Dong, X.: Fully secure revocable attribute-based encryption. J. Shanghai Jiaotong Univ. (Sci.) 16, 490–496 (2011)CrossRefMATHGoogle Scholar
  11. 11.
    Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Public Key Cryptography (PKC 2011), pp. 53–70 (2011)Google Scholar
  12. 12.
    Waters, B.: Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 619–636. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  13. 13.
    Yamada, S., Attrapadung, N., Hanaoka, G., Kunihiro, N.: Generic constructions for chosen-ciphertext secure attribute based encryption. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 71–89. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  14. 14.
    Lewko, A., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 62–91. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  15. 15.
    Okamoto, T., Takashima, K.: Fully secure functional encryption with general relations from the decisional linear assumption. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 191–208. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  16. 16.
    Green, M., Hohenberger, S., Waters, B.: Outsourcing the Decryption of ABE Ciphertexts. In: USENIX Security Symposium (2011)Google Scholar
  17. 17.
    Lynn, B.: The Stanford Pairing Based Crypto Library. http://crypto.stanford.edu/pbc
  18. 18.
    Hur, J., Noh, D.K.: Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans. Parallel Distrib. Syst. 22(7), 1214–1221 (2011)CrossRefGoogle Scholar
  19. 19.
    Yu, S., Wang, C., Ren, K., Lou, W.: Attribute based data sharing with attribute revocation. In: Proceedings of the 5th ACM Symposium on Information. Computer and Communications Security (AsiaCCS 2010), pp. 261–270 (2010)Google Scholar
  20. 20.
    Boneh, D., Ding, X., Tsudik, G.: Fine-grained control of security capabilities. ACM Trans. Internet Technol. (TOIT) 4(1), 60–82 (2004)CrossRefGoogle Scholar
  21. 21.
    Chow, S.S.M., Boyd, C., González Nieto, J.M.: Security-mediated certificateless cryptography. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 508–524. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  22. 22.
    Gennaro, R., Gentry, C., Parno, B.: Non-interactive verifiable computing: outsourcing computation to untrusted workers. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 465–482. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  23. 23.
    Chung, K.-M., Kalai, Y., Vadhan, S.: Improved delegation of computation using fully homomorphic encryption. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 483–501. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  24. 24.
    Canetti, R., Krawczyk, H., Nielsen, J.B.: Relaxing chosen-ciphertext security. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 565–582. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  25. 25.
    Ibraimi, L., Petkovic, M., Nikova, S., Hartel, P., Jonker, W.: Mediated ciphertext-policy attribute-based encryption and its application. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 309–323. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  26. 26.
    Pirretti, M., Traynor, P., McDaniel, P., Waters, B.: Secure attribute-based systems. In: ACM Conference on Computer and Communications Security, pp. 99–112 (2006)Google Scholar
  27. 27.
    Pirretti, M., Traynor, P., McDaniel, P., Waters, B.: Secure attribute-based systems. J. Comput. Secur. 18(5), 799–837 (2010)Google Scholar
  28. 28.
    Sahai, A., Seyalioglu, H., Waters, B.: Dynamic credentials and ciphertext delegation for attribute-based encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 199–217. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  29. 29.
    Yang, K., Jia, X., Ren, K., Huang, L.: Enabling efficient access control with dynamic policy updating for big data in the cloud. In: Proceedings IEEE on INFOCOM 2014, pp. 2013–2021 (2014)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Yuechen Chen
    • 1
    • 5
  • Zoe L. Jiang
    • 1
  • S. M. Yiu
    • 2
  • Joseph K. Liu
    • 3
  • Man Ho Au
    • 4
  • Xuan Wang
    • 1
    • 6
  1. 1.Harbin Institute of Technology Shenzhen Graduate SchoolShenzhenChina
  2. 2.HKSARThe University of Hong KongHong KongChina
  3. 3.Institute for Infocomm ResearchSingaporeSingapore
  4. 4.University of WollongongWollongongAustralia
  5. 5.Shenzhen Applied Technology Engineering Laboratory for Internet Multimedia ApplicationShenzhenChina
  6. 6.Public Service Platform of Mobile Internet Application Security IndustryShenzhenChina

Personalised recommendations