Attribute-based data sharing scheme revisited in cloud computing

Shulan Wang, Kaitai Liang, Joseph K. Liu, Jianyong Chen, Jianping Yu, Weixin Xie

    Research output: Contribution to journalArticleResearchpeer-review

    127 Citations (Scopus)


    Ciphertext-policy attribute-based encryption (CP-ABE) is a very promising encryption technique for secure data sharing in the context of cloud computing. Data owner is allowed to fully control the access policy associated with his data which to be shared. However, CP-ABE is limited to a potential security risk that is known as key escrow problem, whereby the secret keys of users have to be issued by a trusted key authority. Besides, most of the existing CP-ABE schemes cannot support attribute with arbitrary state. In this paper, we revisit attribute-based data sharing scheme in order to solve the key escrow issue but also improve the expressiveness of attribute, so that the resulting scheme is more friendly to cloud computing applications. We propose an improved two-party key issuing protocol that can guarantee that neither key authority nor cloud service provider can compromise the whole secret key of a user individually. Moreover, we introduce the concept of attribute with weight, being provided to enhance the expression of attribute, which can not only extend the expression from binary to arbitrary state, but also lighten the complexity of access policy. Therefore, both storage cost and encryption complexity for a ciphertext are relieved. The performance analysis and the security proof show that the proposed scheme is able to achieve efficient and secure data sharing in cloud computing.

    Original languageEnglish
    Article number7448433
    Pages (from-to)1661-1673
    Number of pages13
    JournalIEEE Transactions on Information Forensics and Security
    Issue number8
    Publication statusPublished - 1 Aug 2016


    • Attribute-based encryption
    • Cloud computing
    • Removing escrow
    • Secure data sharing
    • Weighted attribute

    Cite this