Server-aided revocable attribute-based encryption for cloud computing services

Attribute-based encryption (ABE) has been regarded as a promising solution in cloud computing services to enable scalable access control without compromising the security. Despite of the advantages, efficient user revocation has been a challenge in ABE. One suggestion for user revocation is using th...

Full description

Saved in:
Bibliographic Details
Main Authors: CUI, Hui, YUEN, Tsz Hon, DENG, Robert H., WANG, Guilin
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2020
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/5070
https://ink.library.smu.edu.sg/context/sis_research/article/6073/viewcontent/Server_aided_abe_for_cloud_computing_services_sv.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:Attribute-based encryption (ABE) has been regarded as a promising solution in cloud computing services to enable scalable access control without compromising the security. Despite of the advantages, efficient user revocation has been a challenge in ABE. One suggestion for user revocation is using the binary tree in the key generation phase of an ABE scheme, which enables a trusted key generation center to periodically distribute the key update information to all nonrevoked users over a public channel. This revocation approach reduces the size of key updates from linear to logarithmic in the number of users. But it requires each user to keep a private key of the logarithmic size, and asks each nonrevoked user to periodically update his/her decryption key for each new time period. To further optimize user revocation in ABE, a server-aided revocable ABE (SR-ABE) scheme has been proposed, in which almost all workloads of users incurred by the user revocation are outsourced to an untrusted server, and each user only needs to store a private key of the constant size. In addition, SR-ABE does not require any secure channel for the key transmission, and a user only needs to perform a small amount of calculations to decrypt a ciphertext. In this paper, we revisit the notion of SR-ABE, and present a generic construction of SR-ABE, which can transform a revocable ABE (RABE) scheme to an SR-ABE scheme. In addition, we give an instantiation of SR-ABE by applying the generic construction on a concrete RABE scheme, and implement an instantiation of SR-ABE and an RABE scheme to evaluate the performance of SR-ABE.