Conference Topic

Attribute Based Data Sharing with Attribute Revocation

Ciphertext-Policy Attribute Based Encryption (CP-ABE) is a promising cryptographic primitive for fine-grained access control of shared data. In CP-ABE, each user is associated with a set of attributes and data are encrypted with access structures on attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the ciphertext access structure. Besides this basic property, practical applications usually have other requirements. In this paper we focus on an important issue of attribute revocation which is cumbersome for CP-ABE schemes. In particular, we resolve this challenging issue by considering more practical scenarios in which semi-trustable on-line proxy servers are available. As compared to existing schemes, our proposed solution enables the authority to revoke user attributes with minimal effort. We achieve this by uniquely integrating the technique of proxy re-encryption with CP-ABE, and enable the authority to delegate most of the laborious tasks to proxy servers. Formal analysis shows that our proposed scheme is provably secure against chosen ciphertext attacks. In addition, we show that our technique can also be applicable to the Key-Policy Attribute Based Encryption (KP-ABE) counterpart.

Attribute Based Encryption; Proxy Re-encryption; Revocation

Shucheng Yu, Cong Wang, Kui Ren, Wenjing Lou

Department of ECE, Worcester Polytechnic Institute, Worcester, MA 01609; Department of ECE, Illinois Institute of Technology, Chicago, Illinois 60616

International conference

5th International Symposium on ACM Symposium on Information, Computer and Communications Security (ACM International Conference on Information, Computer and Communications Security, ASIACCS 2010)

Beijing

English

261-270

2010-04-13 (date first made available online on the Wanfang platform; does not represent the paper's publication date)