CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption

doi:10.3969/j.issn.1671-1122.2020.03.012

Abstract

Abstract:

The attribute-based encryption mechanism provides a flexible access control scheme for data sharing and management in a cloud environment. However, the traditional attribute-based encryption scheme has the problems of high decryption complexity and difficulty in attribute revocation, which leads to limited application of the attribute-based encryption mechanism in practice. Aiming at the above problems, this paper proposes a ciphertext-policy attribute-based encryption scheme, which only needs to update the corresponding secret in the attribute revocation process. The text component effectively reduces the computational cost of the ciphertext update, and the attribute revocation process is transparent to the user. The user does not need to participate in the ciphertext and the key update, thereby reducing the impact of the attribute revocation on the user. At the same time, the decryption agent is introduced to outsource the part with large computational cost in the decryption process to the server, thereby reducing the decryption overhead of the client. Security analysis shows that this scheme can resist joint collusion and selective plaintext attacks. Finally, through comparative analysis, the scheme has certain advantages in the computational overhead of the ciphertext update and decryption process.

Key words: attribute-based encryption, access control, attribute revocation, outsourcing decryption

CLC Number:

TP309

LIU Peng, HE Qian, LIU Wangyang, CHENG Xu. CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption[J]. Netinfo Security, 2020, 20(3): 90-97.

Figures/Tables 2

References 21

[1]	FENG Dengguo, ZHANG Min, ZHANG Yan, et al.Study on Cloud Computing Security[J]. Journal of Software, 2011, 22(1): 71-83.
	冯登国,张敏,张妍,等.云计算安全研究[J].软件学报,2011,22(1):71-83.
[2]	SAHAI A, WATERS B.Fuzzy identity-based encryption[C]//IACR. 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 22-26, 2005, Aarhus, Denmark. Heidelberg: Springer-Verlag, 2005: 457-473.
[3]	GOYAL V, PANDEY O, SAHAI A, et al.Attribute-based encryption for fine-grained access control of encrypted data[C]//ACM. 13th ACM Conference on Computer and Communicatons Security, October 30-November 3, 2006, Alexandria, VA, USA. New York: ACM, 2006: 89-98.
[4]	BETHENCOURT J, SAHAI A, WATERS B.Ciphertext-Policy Attribute-Based Encryption[C]//IEEE. 2007 IEEE Symposium on Security and Privacy, May 20-23, 2007, Oakland, Califormia, USA. New Jersey: IEEE, 2007: 321-334.
[5]	WATERS B.Ciphertext-Policy Attribute-Based Encryption: an Expressive, Efficient, and Provably Secure Realization[C]//IACR. 14th International Conference on Practice and Theory in Public Key Cryptography, March 6-9, 2011, Taormina, Italy. Heidelberg: Springer, 2011: 53-70.
[6]	PIRRETTI M, TRAYNOR P, et al.Secure attribute-based systems[C]//ACM, 13th ACM Conference on Computer and Communication Security, October 30-November 3, 2006, Alexandria, VA, USA. New York: ACM, 2006: 799-837.
[7]	BOLDYREVA A, GOYAL V, KUNMAR V.Identity-based encryption with efficient re-vocation modes[C]//ACM. 15th ACM Conference on Computer and Communications Security, November 3-7, 2008, Alexandria, VA, USA. New York: ACM, 2008: 417-426.
[8]	HUR J, DONG K N.Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems[J]. IEEE Transactions on Parallel and Distributed Systems, 2011, 22(7): 1214-1221.
[9]	XIE Xingxing, MA Hua, LI Jin, et al.An Efficient Ciphertext Policy Attribute-Based Access Control Towards Revocation in Cloud Computing[J]. Journal of Universal Computerence, 2013, 19(16): 2349-2367.
[10]	MA Hua, BAI Cuicui, LI Bin, et al.Attribute-Based Encryption Scheme Support in Attribute Revocation and Decryption Outsourcing[J]. Journal of Xidian University(Science & Technology), 2015, 42(6): 6-10.
	马华,白翠翠,李宾,等.支持属性撤销和解密外包的属性基加密方案[J].西安电子科技大学学报,2015,42(6):6-10.
[11]	SHIRAISHI Y, NOMURA K, MOHRI M, et al.Attribute Revocable Attribute-Based Encryption with Forward Secrecy for Fine-Grained Access Control of Shared Data[J]. IEICE Transactions on Information and Systems, 2017, 100(10): 2432-2439.
[12]	SUN Lei, ZHAO Zhiyuan, WANG Jianhua, et al.Attribute-Based Encryption Scheme Supporting Attribute Revocation in Cloud Storage Environment[J]. Journal on Communications, 2019, 40(5): 47-56.
	孙磊,赵志远,王建华,等.云存储环境下支持属性撤销的属性基加密方案[J].通信学报,2019,40(5):47-56.
[13]	GREEN M, HOHENBERGER S, WATERS B.Outsourcing the Decryption of ABE Ciphertexts[C]//ACM. 2011 USENIX Conference on Security, August 8-12, 2011, San Francisco, CA. New York: ACM, 2011: 1-16.
[14]	MAO Xianping, LAI Junzuo, MEI Qixiang, et al.Generic and Efficient Constructions of Attribute-Based Encryption with Verifiable Outsourced Decryption[J]. IEEE Transactions on Dependable & Secure Computing, 2016, 13(5): 533-546.
[15]	WANG Hao, HE Debiao, SHEN Jian, et al.Verifiable Outsourced Ciphertext-Policy Attribute-Based Encryption in Cloud Computing[J]. Soft Computing, 2016, 21(24): 1-11.
[16]	LI Jin, HUANG Xinyi, CHEN Xiaofeng, et al.Securely Outsourcing Attribute-Based Encryption with Checkability[J]. IEEE Transactions on Parallel and Distributed Systems, 2014, 25(8): 2201-2210.
[17]	CHOW S S M. A Framework of Multi-Authority Attribute-Based Encryption with Outsourcing and Revocation[C]//ACM. 21th ACM on Symposium on Access Control Models and Technologies. June 5-8, 2016, Shanghai, China. New York: ACM, 2016: 215-226.
[18]	WU Xianglong, JIANG Rui, BHARGAVA B.On the Security of Data Access Control for Multiauthority Cloud Storage Systems[J]. IEEE Transactions on Services Computing, 2015, 10(2): 285-272.
[19]	YU Shucheng, WANG Cong, REN K, et al.Attribute-Based Data Sharing with Attribute Revocation[C]//ACM. 5th ACM Symposium on Information, Computer and Communications Security, April 13-16, 2010, Beijing, China. New York: ACM, 2010: 262-270.
[20]	ZHANG Rui, MA Hui, LU Yao.Fine-Grained Access Control System Based on Fully out Sourced Attribute-Based Encryption[J]. Journal of Systems and Software, 2017, 125(C): 344-353.
[21]	ZHAO Zhiyuan, WANG Jianhua, XU Kaiyong, et al.Fully Outsourced Attribute-Based Encryption with Varifiability for Cloud Storage[J]. Journal of Computer Research and Development, 2019, 56(2): 442-452.
	赵志远,王建华,徐开勇,等. 面向云存储的支持完全外包属性基加密方案[J]. 计算机研究与发展,2019,56(2):442-452.

方案	访问结构	安全假设	安全模型	外包解密
文献[8]	Tree	——	标准模型	不支持
文献[11]	LSSS	q-parallelBDHE	一般群模型	不支持
文献[12]	LSSS	CDH	标准模型	支持
本文方案	LSSS	DBDH	标准模型	支持

方案	密钥生成	密文生成	密文更新	解密
文献[8]	(2\|S\|+3)E	(2L+1)E+P	(2L+3)E	2(L-1)E+(2L+1)P
文献[11]	(\|S\|+2)E	(2L+1)E+P	LE	(2L+1)P
文献[12]	2(\|S\|+1)E	(3L+1)E+P	(L+2)E	E
本文方案	(\|S\|+2)E	(2L+1)E+P	2E	E