A cloud based enhanced CPABE framework for efficient user and attribute-level revocation

Abstract

Outsourcing massive amounts of data to the cloud service provider (CSP) has raised various security concerns for data confidentiality and access control. The ciphertext policy attribute based encryption (CPABE) scheme allows data owners to impose access control on their cloud-resident sensitive data. This paper has studied the approaches adopted to revoke users by the existing bilinear pairing cryptography based CPABE schemes. The existing studies have suggested solutions to revocation either by updating the non-revoked users’ keys or updating the ciphertext. Such approaches increase computational overhead for resource-constrained devices. In addition, a few studies have discussed the possibility of the CSP becoming dishonest and colluding with the revoked users. The likelihood of a collusion attack caused by the CSP and the revoked users also needs extensive attention. The development of the proposed proxy-based framework aims to extend the existing CPABE scheme and simplify the revocation of access rights at the user and attribute level with scalability, dynamicity, collusion resistance, and forward/backward secrecy. The proposed framework uses bilinear pairing cryptography and LSSS as an access structure. Furthermore, the security and performance analysis of the proposed framework reflects that it is implementable, better, and more secure than the existing work.