Abstract
We propose an attribute-based encryption scheme with multi-keyword search and supporting attribute revocation in cloud storage environment, in which binary attributes and AND-gate access policy are used. Our proposal enjoys several advantages. Firstly, multi-keyword search is available, and only when a data user's attribute set satisfies access policy in keyword index, and keyword token generated by data user matches index successfully, then data user can obtain ciphertext containing keywords. In this way, more accurate keyword search is achievable. Secondly, the search privacy of data user is protected owing to cloud servers cannot obtain any knowledge of keywords which data user is interested in. Meanwhile, the ciphertext is able to be decrypted when data user's attribute set satisfies access policy specified in the ciphertext, which can both improve security of encryption and achieve secure fine-grained access control. Thirdly, the proposed scheme supports attribute revocation, in our scheme when a data user's attribute is revoked, the version number of attribute, non-revoked data users' secret keys and related ciphertexts will be updated, such that data user whose attribute is revoked does not decrypt updated ciphertext anymore. In addition, based on the assumption of decisional linear (DL) and decisional Diffie-Hellman (DDH), our scheme is proved to be secure against selectively chosen-keyword attacks and selectively chosen-plaintext attacks respectively, and it also ensures token privacy security.
Highlights
With the fast development of information technology, cloud storage plays a very crucial role [1] in our daily life
Attributebased encryption (ABE) schemes are classified into two categories: One kind is key-policy attribute-based encryption (KP-ABE) [4,5,6], in which data user’s secret key and ciphertext are relevant to access policy and attribute set, respectively
Afterwards, Yang et al [22] presented a ciphertext-policy attribute-based encryption (CP-ABE) scheme that were supporting attribute revocation, in which attribute authority was responsible for updating ciphertexts and non-revoked data users’ corresponding secret keys related to revoked attribute
Summary
With the fast development of information technology, cloud storage plays a very crucial role [1] in our daily life. Attributebased encryption (ABE) schemes are classified into two categories: One kind is key-policy attribute-based encryption (KP-ABE) [4,5,6], in which data user’s secret key and ciphertext are relevant to access policy and attribute set, respectively. In a CP-ABE scheme, the data user’s secret key is related to attribute set and ciphertext is related to specific access policy. In 2010, Yu et al [21] implemented a direct revocation of attributes in virtue of an agent, in which proxy key can be used to generate proxy re-encrypted ciphertext, and the scheme had a capability of updating all corresponding secret keys of each legitimate data users. Afterwards, Yang et al [22] presented a CP-ABE scheme that were supporting attribute revocation, in which attribute authority was responsible for updating ciphertexts and non-revoked data users’ corresponding secret keys related to revoked attribute. Our scheme analyzes the forward and backward security for attribute revocation
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
