Dynamic User Revocation and Key Refreshing for Attribute-Based Encryption in Cloud Storage

Abstract

Cloud storage provides the potential for on-demand massive data storage, but its highly dynamic and heterogeneous environment presents significant data protection challenges. Ciphertext-policy attribute-based encryption (CP-ABE) enables fine-grained access control. However, important issues such as efficient user revocation and key refreshing are not straightforward, which constrains the adoption of CP-ABE in cloud storage systems. In this paper we propose a dynamic user revocation and key refreshing model for CP-ABE schemes. A key feature of our model is its generic possibility in general CP-ABE schemes to refresh the system keys or remove the access from a user without issuing new keys to other users or re-encrypting existing ciphertexts. Our model is efficient and suitable for application in cloud storage environments. As an example, we use BSW's CP-ABE scheme to show the adaptation of our model to a CP-ABE scheme.