Abstract
Ciphertext-policy attribute-based encryption (CP-ABE) is a well-known cryptographic technology for guaranteeing not only data confidentiality but also fine-grained data access control. It enables data owners to define flexible access policies for cloud-based data sharing. However, the user revocation and attribute update problems in CP-ABE systems have long remained unsolved in the literature. In this paper, we propose the first access control (CP-ABE) scheme supporting user revocability and attribute update. Specifically, user revocation is defined in the identity-based setting, which does not conflict with our attribute-based design. Attribute update is efficient in the sense that we only concentrate on updating the ciphertexts associated with the corresponding updated attribute. Moreover, the security analysis shows that the proposed scheme is secure under the decisional Bilinear Diffie-Hellman assumption.
Acknowledgments
The work of this paper is supported by the National Natural Science Foundation of China (61171072), the Science & Technology Innovation Projects of Shenzhen, China (ZDSYS20140430164957660, JCYJ20140418095735596, JCYJ20150324141711562, JCYJ20150324141711665). Kaitai Liang is supported by privacy-aware retrieval and modelling of genomic data (PRIGENDA, No. 13283250), the Academy of Finland.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Zhang, P., Chen, Z., Liang, K., Wang, S., Wang, T. (2016). A Cloud-Based Access Control Scheme with User Revocation and Attribute Update. In: Liu, J., Steinfeld, R. (eds) Information Security and Privacy. ACISP 2016. Lecture Notes in Computer Science, vol 9722. Springer, Cham. https://doi.org/10.1007/978-3-319-40253-6_32
DOI: https://doi.org/10.1007/978-3-319-40253-6_32
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-40252-9
Online ISBN: 978-3-319-40253-6
eBook Packages: Computer Science, Computer Science (R0)