An enhanced traceable CP-ABE scheme against various types of privilege leakage in cloud storage

Abstract

Cloud storage can save not only local storage costs but also provide data-sharing services. Ciphertext-policy attribute-based encryption (CP-ABE) can work as the underlying engine for cloud storage since it supports one-to-many encryption and fine-grained access control. To prevent users from disclosing their access permissions, we can apply traceable CP-ABE systems. There are two kinds of traceability: white-box traceability and black-box traceability. White-box traceability is simple and efficient, but it cannot support black-box tracing; black-box traceability supports white-box tracing, but its operations are usually cumbersome. So, these two kinds of traceability are unable (or unsuitable) to solve each other’s problems. However, in cloud storage applications, users may leak their privileges in various ways, which means the underlying CP-ABE system should have multiple traceability. Unfortunately, the current traceable CP-ABE schemes only support single traceability. Therefore, we propose a novel CP-ABE scheme with enhanced traceability. It intertwines white-box and black-box traceability together securely and efficiently, which makes it more targeted and simpler to solve distinct tracing problems than previous schemes. Moreover, the proposed scheme has scalability, flexible policy expressiveness, and certain advantages in computing performance.