Revocable Attribute-Based Encryption with Data Integrity in Clouds

Publication Name

IEEE Transactions on Dependable and Secure Computing


Cloud computing enables enterprises and individuals to outsource and share their data. This way, cloud computing eliminates the heavy workload of local information infrastructure. Attribute-based encryption has become a promising solution for encrypted data access control in clouds due to the ability to achieve one-to-many encrypted data sharing. Revocation is a critical requirement for encrypted data access control systems. After outsourcing the encrypted attribute-based ciphertext to the cloud, the data owner may want to revoke some recipients that were authorized previously, which means that the outsourced attribute-based ciphertext needs to be updated to a new one that is under the revoked policy. The integrity issue arises when the revocation is executed. When a new ciphertext with the revoked access policy is generated by the cloud server, the data recipient cannot be sure that the newly generated ciphertext guarantees to be decrypted to the same plaintext as the originally encrypted data, since the cloud server is provided by a third party, which is not fully trusted. In this paper, we consider a new security requirement for the revocable attribute-based encryption schemes: integrity. We introduce a formal definition and security model for the revocable attribute-based encryption with data integrity protection (RABE-DI). Then, we propose a concrete RABE-DI scheme and prove its confidentiality and integrity under the defined security model. Finally, we present an implementation result and provide performance evaluation which shows that our scheme is efficient and practical.

Open Access Status

This publication is not available as open access



Link to publisher version (DOI)