Abstract
In a ciphertext-policy attribute-based encryption (CP-ABE) scheme, a user may have multiple attributes, and each attribute may be shared simultaneously by many users. The decryption key of an attribute can thus be shared by many users who all possess the attribute. For monetary gain, a malicious authorized user may reveal his/her decryption key to a third party, and it is difficult to trace the owner of primitive secret key from an exposed key. At the same time, this situation may also limit commercial applications of CP-ABE systems. To solve these problems and enable fine-grained access control for the encrypted data, we propose a traceable CP-ABE scheme with attribute-level user revocation for cloud storage (TUR-CPABE). Our scheme enjoys four advantages. First, it has the ability to trace malicious users who have leaked key information from the system. Second, it supports attribute-level user revocation for malicious users and allows ABE fine-grained access control. Third, it allows secret key updates and ciphertext updates to resist collusion attacks between users. Fourth, outsourcing encryption, decryption and attribute revocation are used to reduce the computational burden on data owners, data users and the trust authority, respectively. In addition, our scheme has been proven to be secure against chosen plaintext attacks under a selective access policy based on decisional q – BDHE assumption in the standard model.
Highlights
In a cloud storage system, the cloud server must be able to provide data storage and other services for end users
In the proposed scheme, outsourcing encryption, decryption and attribute revocation are used to reduce the computational burden of data owners, users and trust authority, respectively
We propose a scheme called traceable ciphertext-policy attribute-based encryption (CP-attribute-based encryption (ABE)) with attribute-level user revocation for cloud storage (TUR-CPABE)
Summary
In a cloud storage system, the cloud server must be able to provide data storage and other services for end users. In CP-ABE, attributes are related to the user’s decryption key, and access policy affects the ciphertext. Liu et al [23] proposed a traceable CP-ABE scheme that supports any monotonous access structure. The scheme was proven to be safe under the prime order group, but it cannot resist a collusion attack between users Both Wong and Li’s scheme support direct user revocation, their schemes can neither support a key update nor ciphertext updates, nor can they acquire ABE fine-grained access control. In 2017, Liu et al [28] proposed traitor tracing the CP-ABE scheme, which can support ciphertext updates, but it can neither resist collusion attacks between users nor gain key update. To solve the above problem, we present a traceable CP-ABE scheme with attribute-level user revocation
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
