Ciphertext-Policy Attribute-Based Encryption with User Revocation Support

Attribute-Based Encryption (ABE) must provide an efficient revocation mechanism since a user’s private key can be compromised or expired over time. The existing revocable ABE schemes have the drawbacks of heavy computational costs on key updates and encryption operations, which make the entities for performing these operations a possible bottleneck in practice applications. In this paper, we propose an efficient Ciphertext-Policy Attribute-Based Online/Offline Encryption with user Revocation (R-CP-ABOOE). We integrate the subset difference method with ciphertext-policy ABE to significantly improve key-update efficiency on the side of the trusted party from O(rlog⁡(N/r)) to O(r), where N is the number of users and r is the number of revoked users. To reduce the encryption burden for mobile devices, we use the online/offline technology to shift the majority of encryption work to the offline phase, and then mobile devices only need to execute a few simple computations to create a ciphertext. In addition, we exploit a novel trick to prove its selective security under the q-type assumption. Performance analysis shows that our scheme greatly improves the key-update efficiency for the trusted party and the encryption efficiency for mobile devices.

Download Full-text

Securing E-health Data using Ciphertext-Policy Attribute-Based Encryption with Dynamic User Revocation

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.c6309.098319 ◽

2019 ◽

Vol 8 (3) ◽

pp. 7244-7250

Keyword(s):

Access Control ◽

Service Providers ◽

Health Data ◽

Security And Privacy ◽

Unique Identifier ◽

Fine Grained ◽

Attribute Based Encryption ◽

User Revocation ◽

Role Based ◽

Ciphertext Policy

E-health systems hold a massive amount of medical data that is stored and shared across healthcare service providers to deliver health facilities. However, security and privacy worries increase when sharing this data over distributed settings. As a result, Cryptography techniques have been considered to secure e-health data from unauthorized access. The Ciphertext Policy Attribute-Based Encryption (CP-ABE) is commonly utilized in such a setting, which provides role-based and fine-grained access control over encrypted data. The CP-ABE suffers from the problem of user revocation where the entire policy must be changed even when only one user is revoked or removed from the policy. In this paper, we proposed a CP-ABE based access control model to support user revocation efficiently. Specifically, the proposed model associates a unique identifier to each user. This identifier is added to the policy attributes and removed dynamically when the user is added/revoked. A tree structure (PolicyPathTree) is designed specifically for our model. It can facilitate fast access to policy's attributes during the verification process; The model is analyzed using Information Theory Tools. Results show that our model outperforms other notable work in terms of computational overheads.,

Download Full-text

Efficient access control with traceability and user revocation in IoT

Multimedia Tools and Applications ◽

10.1007/s11042-021-11286-0 ◽

2021 ◽

Author(s):

Yi Wu ◽

Wei Zhang ◽

Hu Xiong ◽

Zhiguang Qin ◽

Kuo-Hui Yeh

Keyword(s):

Internet Of Things ◽

Mobile Devices ◽

Data Privacy ◽

Constant Size ◽

Security Proof ◽

Attribute Based Encryption ◽

Efficient Access ◽

Cloud Server ◽

User Revocation ◽

Ciphertext Policy

AbstractWith the universality and availability of Internet of Things (IoT), data privacy protection in IoT has become a hot issue. As a branch of attribute-based encryption (ABE), ciphertext policy attribute-based encryption (CP-ABE) is widely used in IoT to offer flexible one-to-many encryption. However, in IoT, different mobile devices share messages collected, transmission of large amounts of data brings huge burdens to mobile devices. Efficiency is a bottleneck which restricts the wide application and adoption of CP-ABE in Internet of things. Besides, the decryption key in CP-ABE is shared by multiple users with the same attribute, once the key disclosure occurs, it is non-trivial for the system to tell who maliciously leaked the key. Moreover, if the malicious mobile device is not revoked in time, more security threats will be brought to the system. These problems hinder the application of CP-ABE in IoT. Motivated by the actual need, a scheme called traceable and revocable ciphertext policy attribute-based encryption scheme with constant-size ciphertext and key is proposed in this paper. Compared with the existing schemes, our proposed scheme has the following advantages: (1) Malicious users can be traced; (2) Users exiting the system and misbehaving users are revoked in time, so that they no longer have access to the encrypted data stored in the cloud server; (3) Constant-size ciphertext and key not only improve the efficiency of transmission, but also greatly reduce the time spent on decryption operation; (4) The storage overhead for traceability is constant. Finally, the formal security proof and experiment has been conducted to demonstrate the feasibility of our scheme.

Download Full-text

Fine-Grained Access Control with Efficient Revocation in Cloud Storage

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.571-572.79 ◽

2014 ◽

Vol 571-572 ◽

pp. 79-89

Author(s):

Ting Zhong ◽

You Peng Sun ◽

Qiao Liu

Keyword(s):

Access Control ◽

Cloud Storage ◽

Storage System ◽

Fine Grained ◽

Computational Overhead ◽

Attribute Based Encryption ◽

Encrypt Data ◽

User Revocation ◽

Ciphertext Policy ◽

Access Policies

In the cloud storage system, the server is no longer trusted, which is different from the traditional storage system. Therefore, it is necessary for data owners to encrypt data before outsourcing it for sharing. Simultaneously, the enforcement of access policies and support of policies updates becomes one of the most challenging issues. Ciphertext-policy attribute-based encryption (CP-ABE) is an appropriate solution to this issue. However, it comes with a new obstacle which is the attribute and user revocation. In this paper, we propose a fine-grained access control scheme with efficient revocation based on CP-ABE approach. In the proposed scheme, we not only realize an efficient and immediate revocation, but also eliminate some burden of computational overhead. The analysis results indicate that the proposed scheme is efficient and secure for access control in cloud storage systems.

Download Full-text

Traceable Ciphertext Policy Attribute-based Encryption Scheme with User Revocation for Cloud Storage

2020 International Conference on Computer Engineering and Application (ICCEA) ◽

10.1109/iccea50009.2020.00026 ◽

2020 ◽

Author(s):

Xiong Wang ◽

Yaping Chi ◽

Yang Zhang

Keyword(s):

Cloud Storage ◽

Encryption Scheme ◽

Attribute Based Encryption ◽

User Revocation ◽

Ciphertext Policy

Download Full-text

Traceable ciphertext-policy attribute-based encryption scheme with attribute level user revocation for cloud storage

PLoS ONE ◽

10.1371/journal.pone.0203225 ◽

2018 ◽

Vol 13 (9) ◽

pp. e0203225 ◽

Cited By ~ 6

Author(s):

Shangping Wang ◽

Keke Guo ◽

Yaling Zhang

Keyword(s):

Cloud Storage ◽

Attribute Level ◽

Encryption Scheme ◽

Attribute Based Encryption ◽

User Revocation ◽

Ciphertext Policy

Download Full-text

Large Universe Ciphertext-Policy Attribute-Based Encryption with Attribute Level User Revocation in Cloud Storage

The International Arab Journal of Information Technology ◽

10.34028/iajit/17/1/13 ◽

2019 ◽

Vol 17 (1) ◽

pp. 107-117 ◽

Cited By ~ 1

Author(s):

Huijie Lian ◽

Qingxian Wang ◽

Guangbo Wang

Keyword(s):

Cloud Storage ◽

Attribute Level ◽

Cloud Provider ◽

Secret Key ◽

Computational Load ◽

Attribute Based Encryption ◽

The Standard Model ◽

Important Challenge ◽

User Revocation ◽

Ciphertext Policy

Ciphertext-Policy Attribute-Based Encryption (CP-ABE), especially large universe CP-ABE that is not bounded with the attribute set, is getting more and more extensive application in the cloud storage. However, there exists an important challenge in original large universe CP-ABE, namely dynamic user and attribute revocation. In this paper, we propose a large universe CP-ABE with efficient attribute level user revocation, namely the revocation to an attribute of some user cannot influence the common access of other legitimate attributes. To achieve the revocation, we divide the master key into two parts: delegation key and secret key, which are sent to the cloud provider and user separately. Note that, our scheme is proved selectively secure in the standard model under "q-type" assumption. Finally, the performance analysis and experimental verification have been carried out in this paper, and the experimental results show that, compared with the existing revocation schemes, although our scheme increases the computational load of storage Service Provider (CSP) in order to achieve the attribute revocation, it does not need the participation of Attribute Authority (AA), which reduces the computational load of AA. Moreover, the user does not need any additional parameters to achieve the attribute revocation except of the private key, thus saving the storage space greatly

Download Full-text