2,498 research outputs found
A Ciphertext Policy Attributes-based Encryption Scheme with Policy Revocation
There are a lot of data exchanges among parties
using cloud computing, so data protection is very
important in a cloud security environment. In particular, data
protection is needed for all organizations by security
services against unauthorized access. There are many
security mechanisms for data protection. Attributes-based
Encryption (ABE) is a one-to-many encryption to encrypt
and decrypt data based on user attributes in which the
secret key of a user and the ciphertext are dependent
upon attributes. Ciphertext policy attributes-based
encryption (CP-ABE), an improvement of ABE schemes,
performs an access control of security mechanisms for
cloud storage. In this paper, sensitive parts of personal
health records (PHRs) are encrypted by ABE with the
help of CP-ABE. Moreover, an attributes-based policy
revocation case is considered as well as user revocation
and it needs to generate a new secret key. In the proposed
policy revocation case, the PHR owner changes the attributes
policy to update available user lists. A trusted authority
(TA) is used to issue secret keys as a third party. This
paper emphasizes key management and it also
improves attributes policy management and user
revocation. The proposed scheme provides full control on
data owner as much as he changes policy. It supports a
flexible policy revocation in CP-ABE and it saves time
consuming by comparing with traditional CP-ABE

Directly revocable ciphertext-policy attribute-based encryption from lattices
Attribute-based encryption (ABE) is a promising type of cryptosystem achieving fine-grained access control on encrypted data.
Revocable attribute-based encryption (RABE) is an extension of ABE that provides revocation mechanisms when user's attributes change, key exposure, and so on.
In this paper, we propose two directly revocable ciphertext-policy attribute-based encryption (DR-ABE) schemes from lattices, which support flexible threshold access policies on multi-valued attributes, achieving user-level and attribute-level user revocation, respectively.
Specifically, the revocation list is defined and embedded into the ciphertext by the message sender
to revoke a user in the user-level revocable scheme or revoke some attributes of a certain user in the attribute-level revocable scheme.
We also discuss how to outsource decryption and reduce the workload for the end user.
Our schemes are proved to be secure in the standard model, assuming the hardness of the learning with errors (LWE) problem

Remarks on the Cryptographic Primitive of Attribute-based Encryption
Attribute-based encryption (ABE) which allows users to encrypt and decrypt
messages based on user attributes is a type of one-to-many encryption. Unlike
the conventional one-to-one encryption which has no intention to exclude any
partners of the intended receiver from obtaining the plaintext, an ABE system
tries to exclude some unintended recipients from obtaining the plaintext
whether they are partners of some intended recipients. We remark that this
requirement for ABE is very hard to meet. An ABE system cannot truly exclude
some unintended recipients from decryption because some users can exchange
their decryption keys in order to maximize their own interests. The flaw
discounts the importance of the cryptographic primitive. Comment: 9 pages, 4 figure