TY - JOUR
T1 - Indirect Revocable KP-ABE With Revocation Undoing Resistance
AU - Rasori, Marco
AU - Perazzo, Pericle
AU - Dini, Gianluca
AU - Yu, Shucheng
N1 - Publisher Copyright:
© 2008-2012 IEEE.
PY - 2022
Y1 - 2022
N2 - Lately, many cloud-based applications proposed attribute-based encryption (ABE) as an all-in-one solution for achieving confidentiality and access control. Within this paradigm, data producers store the encrypted data on a semi-trusted cloud server, and users, holding decryption keys issued by a key authority, can decrypt data according to some access control policy. To be used in practical cases, any ABE scheme should implement a key revocation mechanism which assures that a compromised decryption key cannot be used anymore to decrypt data. Yu et al. (2010) introduced an ABE scheme with revocation capabilities that enjoys several unique advantages, such as reactivity and efficiency. In the scheme, the cloud server is entitled to update keys and ciphertexts in order to achieve revocation. Unfortunately, the cloud server retains the power to undo the revocation of a key (revocation undoing attack), thereby endangering confidentiality. In this article, we propose a revocable ABE scheme that still ensures the advantages of Yu et al.'s scheme, but also resists the revocation undoing attack. We formally prove the security of our scheme and show through simulations that the user experiences a slightly higher computational cost with respect to Yu et al.'s scheme.
AB - Lately, many cloud-based applications proposed attribute-based encryption (ABE) as an all-in-one solution for achieving confidentiality and access control. Within this paradigm, data producers store the encrypted data on a semi-trusted cloud server, and users, holding decryption keys issued by a key authority, can decrypt data according to some access control policy. To be used in practical cases, any ABE scheme should implement a key revocation mechanism which assures that a compromised decryption key cannot be used anymore to decrypt data. Yu et al. (2010) introduced an ABE scheme with revocation capabilities that enjoys several unique advantages, such as reactivity and efficiency. In the scheme, the cloud server is entitled to update keys and ciphertexts in order to achieve revocation. Unfortunately, the cloud server retains the power to undo the revocation of a key (revocation undoing attack), thereby endangering confidentiality. In this article, we propose a revocable ABE scheme that still ensures the advantages of Yu et al.'s scheme, but also resists the revocation undoing attack. We formally prove the security of our scheme and show through simulations that the user experiences a slightly higher computational cost with respect to Yu et al.'s scheme.
KW - Attribute-based encryption
KW - access control
KW - cloud storage
KW - revocation
UR - http://www.scopus.com/inward/record.url?scp=85104197674&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85104197674&partnerID=8YFLogxK
U2 - 10.1109/TSC.2021.3071859
DO - 10.1109/TSC.2021.3071859
M3 - Article
AN - SCOPUS:85104197674
SN - 1939-1374
VL - 15
SP - 2854
EP - 2868
JO - IEEE Transactions on Services Computing
JF - IEEE Transactions on Services Computing
IS - 5
ER -