2,498 research outputs found

    A Ciphertext Policy Attributes-based Encryption Scheme with Policy Revocation

    Parties exchange a lot of data by using cloud computing, so data protection is very important in a cloud security environment. In particular, every organization needs security services that protect data against unauthorized access. There are many security mechanisms for data protection. Attributes-based Encryption (ABE) is a one-to-many encryption scheme that encrypts and decrypts data based on user attributes, in which the secret key of a user and the ciphertext depend on attributes. Ciphertext policy attributes-based encryption (CP-ABE), an improvement on ABE schemes, performs access control for cloud storage. In this paper, sensitive parts of personal health records (PHRs) are encrypted by ABE with the help of CP-ABE. Moreover, an attributes-based policy revocation case is considered as well as user revocation, and it requires generating a new secret key. In the proposed policy revocation case, the PHR owner changes the attributes policy to update the list of available users. A trusted authority (TA) is used as a third party to issue secret keys. This paper emphasizes key management, and it also improves attributes policy management and user revocation. The proposed scheme gives the data owner full control whenever he changes the policy. It supports flexible policy revocation in CP-ABE and saves time compared with traditional CP-ABE.

    Directly revocable ciphertext-policy attribute-based encryption from lattices

    Attribute-based encryption (ABE) is a promising type of cryptosystem achieving fine-grained access control on encrypted data. Revocable attribute-based encryption (RABE) is an extension of ABE that provides revocation mechanisms for cases such as a change in a user's attributes, key exposure, and so on. In this paper, we propose two directly revocable ciphertext-policy attribute-based encryption (DR-ABE) schemes from lattices, which support flexible threshold access policies on multi-valued attributes, achieving user-level and attribute-level user revocation, respectively. Specifically, the revocation list is defined and embedded into the ciphertext by the message sender to revoke a user in the user-level revocable scheme or revoke some attributes of a certain user in the attribute-level revocable scheme. We also discuss how to outsource decryption and reduce the workload for the end user. Our schemes are proved to be secure in the standard model, assuming the hardness of the learning with errors (LWE) problem.

    Remarks on the Cryptographic Primitive of Attribute-based Encryption

    Attribute-based encryption (ABE), which allows users to encrypt and decrypt messages based on user attributes, is a type of one-to-many encryption. Unlike the conventional one-to-one encryption, which has no intention to exclude any partners of the intended receiver from obtaining the plaintext, an ABE system tries to exclude some unintended recipients from obtaining the plaintext whether they are partners of some intended recipients. We remark that this requirement for ABE is very hard to meet. An ABE system cannot truly exclude some unintended recipients from decryption because some users can exchange their decryption keys in order to maximize their own interests. The flaw discounts the importance of the cryptographic primitive. Comment: 9 pages, 4 figures