TY - GEN
T1 - Attribute based data sharing with attribute revocation
AU - Yu, Shucheng
AU - Wang, Cong
AU - Ren, Kui
AU - Lou, Wenjing
PY - 2010
Y1 - 2010
N2 - Ciphertext-Policy Attribute Based Encryption (CP-ABE) is a promising cryptographic primitive for fine-grained access control of shared data. In CP-ABE, each user is associated with a set of attributes and data are encrypted with access structures on attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the ciphertext access structure. Besides this basic property, practical applications usually have other requirements. In this paper we focus on an important issue of attribute revocation which is cumbersome for CP-ABE schemes. In particular, we resolve this challenging issue by considering more practical scenarios in which semi-trustable on-line proxy servers are available. As compared to existing schemes, our proposed solution enables the authority to revoke user attributes with minimal effort. We achieve this by uniquely integrating the technique of proxy re-encryption with CP-ABE, and enable the authority to delegate most of the laborious tasks to proxy servers. Formal analysis shows that our proposed scheme is provably secure against chosen ciphertext attacks. In addition, we show that our technique can also be applicable to the Key-Policy Attribute Based Encryption (KP-ABE) counterpart.
AB - Ciphertext-Policy Attribute Based Encryption (CP-ABE) is a promising cryptographic primitive for fine-grained access control of shared data. In CP-ABE, each user is associated with a set of attributes and data are encrypted with access structures on attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the ciphertext access structure. Besides this basic property, practical applications usually have other requirements. In this paper we focus on an important issue of attribute revocation which is cumbersome for CP-ABE schemes. In particular, we resolve this challenging issue by considering more practical scenarios in which semi-trustable on-line proxy servers are available. As compared to existing schemes, our proposed solution enables the authority to revoke user attributes with minimal effort. We achieve this by uniquely integrating the technique of proxy re-encryption with CP-ABE, and enable the authority to delegate most of the laborious tasks to proxy servers. Formal analysis shows that our proposed scheme is provably secure against chosen ciphertext attacks. In addition, we show that our technique can also be applicable to the Key-Policy Attribute Based Encryption (KP-ABE) counterpart.
KW - attribute based encryption
KW - proxy re-encryption
KW - revocation
UR - http://www.scopus.com/inward/record.url?scp=77954471010&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77954471010&partnerID=8YFLogxK
U2 - 10.1145/1755688.1755720
DO - 10.1145/1755688.1755720
M3 - Conference contribution
AN - SCOPUS:77954471010
SN - 9781605589367
T3 - Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010
SP - 261
EP - 270
BT - Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010
T2 - 5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010
Y2 - 13 April 2010 through 16 April 2010
ER -