Indirect Revocable KP-ABE With Revocation Undoing Resistance

Marco Rasori, Pericle Perazzo, Gianluca Dini, Shucheng Yu

Research output: Contribution to journal, Article, peer-review

10 Scopus citations

Abstract

Lately, many cloud-based applications have proposed attribute-based encryption (ABE) as an all-in-one solution for achieving confidentiality and access control. Within this paradigm, data producers store the encrypted data on a semi-trusted cloud server, and users, holding decryption keys issued by a key authority, can decrypt data according to some access control policy. To be used in practical cases, any ABE scheme should implement a key revocation mechanism which assures that a compromised decryption key cannot be used anymore to decrypt data. Yu et al. (2010) introduced an ABE scheme with revocation capabilities that enjoys several unique advantages, such as reactivity and efficiency. In the scheme, the cloud server is entitled to update keys and ciphertexts in order to achieve revocation. Unfortunately, the cloud server retains the power to undo the revocation of a key (revocation undoing attack), thus endangering confidentiality. In this article, we propose a revocable ABE scheme that still ensures the advantages of Yu et al.'s scheme, but also resists the revocation undoing attack. We formally prove the security of our scheme and show through simulations that the user experiences a slightly higher computational cost with respect to Yu et al.'s scheme.

Original language: English
Pages (from-to): 2854-2868
Number of pages: 15
Journal: IEEE Transactions on Services Computing
Volume: 15
Issue number: 5
State: Published - 2022

Keywords

  • Attribute-based encryption
  • access control
  • cloud storage
  • revocation
