Revocable Attribute-Based Encryption With Data Integrity in Clouds

Abstract

Cloud computing enables enterprises and individuals to outsource and share their data. This way, cloud computing eliminates the heavy workload of local information infrastructure. Attribute-based encryption has become a promising solution for encrypted data access control in clouds due to the ability to achieve one-to-many encrypted data sharing. Revocation is a critical requirement for encrypted data access control systems. After outsourcing the encrypted attribute-based ciphertext to the cloud, the data owner may want to revoke some recipients that were authorized previously, which means that the outsourced attribute-based ciphertext needs to be updated to a new one that is under the revoked policy. The integrity issue arises when the revocation is executed. When a new ciphertext with the revoked access policy is generated by the cloud server, the data recipient cannot be sure that the newly generated ciphertext guarantees to be decrypted to the same plaintext as the originally encrypted data, since the cloud server is provided by a third party, which is not fully trusted. In this article, we consider a new security requirement for the revocable attribute-based encryption schemes: integrity. We introduce a formal definition and security model for the revocable attribute-based encryption with data integrity protection (RABE-DI). Then, we propose a concrete RABE-DI scheme and prove its confidentiality and integrity under the defined security model. Finally, we present an implementation result and provide performance evaluation which shows that our scheme is efficient and practical.