Make revocation cheaper: Hardware-based revocable attribute-based encryption
As an advanced one-to-many public key encryption system, attribute-based encryption (ABE) is widely believed to be a promising technology for achieving flexible and fine-grained access control of encrypted data on untrusted storage servers (e.g., public cloud servers). However, user revocation in AB...
Saved in:
| Main Authors: | , , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2024
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/9533 https://ink.library.smu.edu.sg/context/sis_research/article/10533/viewcontent/313000a100.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-10533 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-105332024-11-15T07:32:43Z Make revocation cheaper: Hardware-based revocable attribute-based encryption LI, Xiaoguo YANG, Guomin XIANG, Tao XU, Shengmin ZHAO, Bowen DENG, Robert H. PANG, Hwee Hwa As an advanced one-to-many public key encryption system, attribute-based encryption (ABE) is widely believed to be a promising technology for achieving flexible and fine-grained access control of encrypted data on untrusted storage servers (e.g., public cloud servers). However, user revocation in ABE is a critical but challenging problem, and designing efficient revocable ABE has been an active research topic in the past decade. Almost all the existing revocable ABE schemes incorporate a timestamp in the encryption algorithm such that revoked users cannot decrypt ciphertexts generated in future time intervals. To prevent revoked users from decrypting past ciphertexts, the storage server needs to perform a process called ciphertext delegation (Sahai et al., CRYPTO’12) that periodically updates the timestamp for all ciphertexts. As the number of ciphertexts could be huge in a storage system, ciphertext delegation could pose a huge computation overhead to the server.Motivated by the popularity of commodity Trusted Execution Environment (TEE) technologies, this paper initiates the study on hardware-based revocable ABE (HR-ABE) to eliminate the (unscalable) ciphertext delegation and prevent collusion attacks between an untrusted storage server and revoked users. We formalize this new notion and present an efficient HR-ABE construction that also supports outsourced decryption for resource-constrained data users. Furthermore, HR-ABE is also designed to address the potential secret leakage problem suffered by TEE (e.g., due to side-channel attacks) so that the leakage of secrets possessed by TEE does not lead to leakage of user data. We prove HR-ABE’s security formally and benchmark its performance experimentally. 2024-05-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/9533 info:doi/10.1109/SP54263.2024.00100 https://ink.library.smu.edu.sg/context/sis_research/article/10533/viewcontent/313000a100.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Information Security |
| spellingShingle |
Information Security LI, Xiaoguo YANG, Guomin XIANG, Tao XU, Shengmin ZHAO, Bowen DENG, Robert H. PANG, Hwee Hwa Make revocation cheaper: Hardware-based revocable attribute-based encryption |
| description |
As an advanced one-to-many public key encryption system, attribute-based encryption (ABE) is widely believed to be a promising technology for achieving flexible and fine-grained access control of encrypted data on untrusted storage servers (e.g., public cloud servers). However, user revocation in ABE is a critical but challenging problem, and designing efficient revocable ABE has been an active research topic in the past decade. Almost all the existing revocable ABE schemes incorporate a timestamp in the encryption algorithm such that revoked users cannot decrypt ciphertexts generated in future time intervals. To prevent revoked users from decrypting past ciphertexts, the storage server needs to perform a process called ciphertext delegation (Sahai et al., CRYPTO’12) that periodically updates the timestamp for all ciphertexts. As the number of ciphertexts could be huge in a storage system, ciphertext delegation could pose a huge computation overhead to the server.Motivated by the popularity of commodity Trusted Execution Environment (TEE) technologies, this paper initiates the study on hardware-based revocable ABE (HR-ABE) to eliminate the (unscalable) ciphertext delegation and prevent collusion attacks between an untrusted storage server and revoked users. We formalize this new notion and present an efficient HR-ABE construction that also supports outsourced decryption for resource-constrained data users. Furthermore, HR-ABE is also designed to address the potential secret leakage problem suffered by TEE (e.g., due to side-channel attacks) so that the leakage of secrets possessed by TEE does not lead to leakage of user data. We prove HR-ABE’s security formally and benchmark its performance experimentally. |
| format |
text |
| author |
LI, Xiaoguo YANG, Guomin XIANG, Tao XU, Shengmin ZHAO, Bowen DENG, Robert H. PANG, Hwee Hwa |
| author_facet |
LI, Xiaoguo YANG, Guomin XIANG, Tao XU, Shengmin ZHAO, Bowen DENG, Robert H. PANG, Hwee Hwa |
| author_sort |
LI, Xiaoguo |
| title |
Make revocation cheaper: Hardware-based revocable attribute-based encryption |
| title_short |
Make revocation cheaper: Hardware-based revocable attribute-based encryption |
| title_full |
Make revocation cheaper: Hardware-based revocable attribute-based encryption |
| title_fullStr |
Make revocation cheaper: Hardware-based revocable attribute-based encryption |
| title_full_unstemmed |
Make revocation cheaper: Hardware-based revocable attribute-based encryption |
| title_sort |
make revocation cheaper: hardware-based revocable attribute-based encryption |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2024 |
| url |
https://ink.library.smu.edu.sg/sis_research/9533 https://ink.library.smu.edu.sg/context/sis_research/article/10533/viewcontent/313000a100.pdf |
| _version_ |
1816859124920483840 |