TY - JOUR
T1 - (Dual) server-aided revocable attribute-based encryption with decryption key exposure resistance
AU - Qin, Baodong
AU - Zhao, Qinglan
AU - Zheng, Dong
AU - Cui, Hui
N1 - Funding Information:
This work was supported by the National Natural Science Foundation of China (Grant No. 61872292 , Grant No. 61502400 and Grant No. 61602378 ), the Natural Science Basic Research Plan in Shaanxi ROC (grant number 2018JQ6007) and by the Foundation of Sichuan Educational Committee (Grant No. 16ZB0140).
Publisher Copyright:
© 2019 Elsevier Inc.
PY - 2019/7
Y1 - 2019/7
N2 - Attribute-based encryption (ABE) is a promising approach that enables scalable access control on encrypted data. However, one of the main efficiency drawbacks of ABE is the lack of practical user revocation mechanisms. In ESORICS 2016, Cui et al. proposed the first cloud server-aided revocable ABE scheme to achieve efficient user revocation. However, the cloud server cannot be fully compromised by an adversary. Otherwise, it will suffer from local decryption key exposure (DKE) attacks. In this paper, we first revisit Cui et al. security model, and enhance it by capturing the DKE attacks on user's local decryption keys and meanwhile allowing the adversary to fully corrupt the cloud server. We then construct a server-aided revocable ABE based on Rouselakis–Waters ciphertext-policy ABE (CCS 2013). It was showed that our scheme is secure in the new security model and maintains the outstanding properties of efficient user revocation, short local ciphertext size and fast local decryption. Further, we propose a dual framework for server-aided revocable ABE, in which the update keys are distributed to local users rather than the cloud server. With the exception of interaction with the KGC, the local user still has the same efficiency as that of first scheme.
AB - Attribute-based encryption (ABE) is a promising approach that enables scalable access control on encrypted data. However, one of the main efficiency drawbacks of ABE is the lack of practical user revocation mechanisms. In ESORICS 2016, Cui et al. proposed the first cloud server-aided revocable ABE scheme to achieve efficient user revocation. However, the cloud server cannot be fully compromised by an adversary. Otherwise, it will suffer from local decryption key exposure (DKE) attacks. In this paper, we first revisit Cui et al. security model, and enhance it by capturing the DKE attacks on user's local decryption keys and meanwhile allowing the adversary to fully corrupt the cloud server. We then construct a server-aided revocable ABE based on Rouselakis–Waters ciphertext-policy ABE (CCS 2013). It was showed that our scheme is secure in the new security model and maintains the outstanding properties of efficient user revocation, short local ciphertext size and fast local decryption. Further, we propose a dual framework for server-aided revocable ABE, in which the update keys are distributed to local users rather than the cloud server. With the exception of interaction with the KGC, the local user still has the same efficiency as that of first scheme.
KW - Attribute-based encryption
KW - Decryption key exposure
KW - Revocation
KW - Server-aided
UR - https://www.scopus.com/pages/publications/85063516948
U2 - 10.1016/j.ins.2019.03.053
DO - 10.1016/j.ins.2019.03.053
M3 - Article
AN - SCOPUS:85063516948
SN - 0020-0255
VL - 490
SP - 74
EP - 92
JO - Information Sciences
JF - Information Sciences
ER -