Decentralized attribute-based access control with attribute revocation and outsourced decryption

Feng Yang; Hui Cui; Jiwu Jing

doi:10.1109/ICCRD56364.2023.10080306

Decentralized attribute-based access control with attribute revocation and outsourced decryption

Feng Yang, Hui Cui, Jiwu Jing

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

Abstract

Decentralized ciphertext-policy attribute-based encryption (CP-ABE) is considered a promising cryptographic primitive to enable fine-grained access control over encrypted data. The revocation is a necessary mechanism in real-world access control systems. However, existing revocation mechanisms in CP-ABE either are triggered periodically and cannot revoke users in a timely manner, or require a trusted third-party proxy to assist in revocation. In this work, we present a decentralized CP-ABE scheme that supports periodic attribute-level revocation as well as immediate attribute-level revocation, simultaneously. It means that once an attribute key of a user naturally expires or is identified as leaked, that attribute will be revoked and then become unavailable instantly, remaining the users' other attributes still active. Moreover, we provide optional outsourced decryption capabilities. Resource-constrained users can choose to outsource partial decryption to any third-party proxy without disclosing the underlying plaintext. The performance analysis demonstrates that our proposal is better in functionality compared with existing schemes. Our scheme is proven secure against chosen-plaintext attacks in the random oracle model.

Original language	English
Title of host publication	2023 15th International Conference on Computer Research and Development (ICCRD 2023)
Editors	Boshir Ahmed
Place of Publication	Piscataway NJ USA
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	246-257
Number of pages	12
ISBN (Electronic)	9781665487504, 9781665487498
ISBN (Print)	9781665487511
DOIs	https://doi.org/10.1109/ICCRD56364.2023.10080306
Publication status	Published - 2023
Externally published	Yes
Event	International Conference on Computer Research and Development (2023) - Online, China Duration: 10 Jan 2023 → 12 Jan 2023 Conference number: 15th https://ieeexplore.ieee.org/xpl/conhome/10079927/proceeding (Proceedings)

Conference

Conference	International Conference on Computer Research and Development (2023)
Abbreviated title	ICCRD 2023
Country/Territory	China
Period	10/01/23 → 12/01/23
Internet address	https://ieeexplore.ieee.org/xpl/conhome/10079927/proceeding (Proceedings)

Keywords

Attribute-level revocation
Ciphertext-policy attribute-based encryption
Outsourced decryption

Access to Document

10.1109/ICCRD56364.2023.10080306

Cite this

@inproceedings{1c356c49928d48a688f836b1818bb198,

title = "Decentralized attribute-based access control with attribute revocation and outsourced decryption",

abstract = "Decentralized ciphertext-policy attribute-based encryption (CP-ABE) is considered a promising cryptographic primitive to enable fine-grained access control over encrypted data. The revocation is a necessary mechanism in real-world access control systems. However, existing revocation mechanisms in CP-ABE either are triggered periodically and cannot revoke users in a timely manner, or require a trusted third-party proxy to assist in revocation. In this work, we present a decentralized CP-ABE scheme that supports periodic attribute-level revocation as well as immediate attribute-level revocation, simultaneously. It means that once an attribute key of a user naturally expires or is identified as leaked, that attribute will be revoked and then become unavailable instantly, remaining the users' other attributes still active. Moreover, we provide optional outsourced decryption capabilities. Resource-constrained users can choose to outsource partial decryption to any third-party proxy without disclosing the underlying plaintext. The performance analysis demonstrates that our proposal is better in functionality compared with existing schemes. Our scheme is proven secure against chosen-plaintext attacks in the random oracle model.",

keywords = "Attribute-level revocation, Ciphertext-policy attribute-based encryption, Outsourced decryption",

author = "Feng Yang and Hui Cui and Jiwu Jing",

note = "Funding Information: This work is supported by the National Key Research and Development Program of China under Grant No.2022YFB3103301. Publisher Copyright: {\textcopyright} 2023 IEEE.; International Conference on Computer Research and Development (2023), ICCRD 2023 ; Conference date: 10-01-2023 Through 12-01-2023",

year = "2023",

doi = "10.1109/ICCRD56364.2023.10080306",

language = "English",

isbn = "9781665487511",

pages = "246--257",

editor = "Boshir Ahmed",

booktitle = "2023 15th International Conference on Computer Research and Development (ICCRD 2023)",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

address = "United States of America",

url = "https://ieeexplore.ieee.org/xpl/conhome/10079927/proceeding",

}

Yang, F, Cui, H & Jing, J 2023, Decentralized attribute-based access control with attribute revocation and outsourced decryption. in B Ahmed (ed.), 2023 15th International Conference on Computer Research and Development (ICCRD 2023). IEEE, Institute of Electrical and Electronics Engineers, Piscataway NJ USA, pp. 246-257, International Conference on Computer Research and Development (2023), China, 10/01/23. https://doi.org/10.1109/ICCRD56364.2023.10080306

Decentralized attribute-based access control with attribute revocation and outsourced decryption. / Yang, Feng; Cui, Hui; Jing, Jiwu.
2023 15th International Conference on Computer Research and Development (ICCRD 2023). ed. / Boshir Ahmed. Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers, 2023. p. 246-257.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Decentralized attribute-based access control with attribute revocation and outsourced decryption

AU - Yang, Feng

AU - Cui, Hui

AU - Jing, Jiwu

N1 - Conference code: 15th

PY - 2023

Y1 - 2023

N2 - Decentralized ciphertext-policy attribute-based encryption (CP-ABE) is considered a promising cryptographic primitive to enable fine-grained access control over encrypted data. The revocation is a necessary mechanism in real-world access control systems. However, existing revocation mechanisms in CP-ABE either are triggered periodically and cannot revoke users in a timely manner, or require a trusted third-party proxy to assist in revocation. In this work, we present a decentralized CP-ABE scheme that supports periodic attribute-level revocation as well as immediate attribute-level revocation, simultaneously. It means that once an attribute key of a user naturally expires or is identified as leaked, that attribute will be revoked and then become unavailable instantly, remaining the users' other attributes still active. Moreover, we provide optional outsourced decryption capabilities. Resource-constrained users can choose to outsource partial decryption to any third-party proxy without disclosing the underlying plaintext. The performance analysis demonstrates that our proposal is better in functionality compared with existing schemes. Our scheme is proven secure against chosen-plaintext attacks in the random oracle model.

AB - Decentralized ciphertext-policy attribute-based encryption (CP-ABE) is considered a promising cryptographic primitive to enable fine-grained access control over encrypted data. The revocation is a necessary mechanism in real-world access control systems. However, existing revocation mechanisms in CP-ABE either are triggered periodically and cannot revoke users in a timely manner, or require a trusted third-party proxy to assist in revocation. In this work, we present a decentralized CP-ABE scheme that supports periodic attribute-level revocation as well as immediate attribute-level revocation, simultaneously. It means that once an attribute key of a user naturally expires or is identified as leaked, that attribute will be revoked and then become unavailable instantly, remaining the users' other attributes still active. Moreover, we provide optional outsourced decryption capabilities. Resource-constrained users can choose to outsource partial decryption to any third-party proxy without disclosing the underlying plaintext. The performance analysis demonstrates that our proposal is better in functionality compared with existing schemes. Our scheme is proven secure against chosen-plaintext attacks in the random oracle model.

KW - Attribute-level revocation

KW - Ciphertext-policy attribute-based encryption

KW - Outsourced decryption

UR - http://www.scopus.com/inward/record.url?scp=85152428148&partnerID=8YFLogxK

U2 - 10.1109/ICCRD56364.2023.10080306

DO - 10.1109/ICCRD56364.2023.10080306

M3 - Conference Paper

AN - SCOPUS:85152428148

SN - 9781665487511

SP - 246

EP - 257

BT - 2023 15th International Conference on Computer Research and Development (ICCRD 2023)

A2 - Ahmed, Boshir

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - Piscataway NJ USA

T2 - International Conference on Computer Research and Development (2023)

Y2 - 10 January 2023 through 12 January 2023

ER -

Decentralized attribute-based access control with attribute revocation and outsourced decryption

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this