Indirect Revocable KP-ABE with Revocation Undoing Resistance

Rasori, Marco; Perazzo, Pericle; Dini, Gianluca
2021-01-01

Abstract

Lately, many cloud-based applications have proposed Attribute-Based Encryption (ABE) as an all-in-one solution for achieving confidentiality and access control. Within this paradigm, data producers store the encrypted data on a semi-trusted cloud server, and users, holding decryption keys issued by a key authority, can decrypt data according to some access control policy. To be used in practical cases, any ABE scheme should implement a key revocation mechanism which ensures that a compromised decryption key can no longer be used to decrypt data. Yu et al. (INFOCOM 2010) introduced an ABE scheme with revocation capabilities that enjoys several unique advantages, such as reactivity and efficiency. In the scheme, the cloud server is entitled to update keys and ciphertexts in order to achieve revocation. Unfortunately, the cloud server retains the power to undo the revocation of a key (revocation undoing attack), thus endangering confidentiality. In this paper, we propose a revocable ABE scheme that retains the advantages of Yu et al.'s scheme but also resists the revocation undoing attack. We formally prove the security of our scheme and show through simulations that the user experiences a slightly higher computational cost with respect to Yu et al.'s scheme.
2021
Rasori, Marco; Perazzo, Pericle; Dini, Gianluca; Yu, Shucheng
Use this identifier to cite or link to this document: https://hdl.handle.net/11568/1098506
Citations
  • PMC: ND
  • Scopus: 9
  • ISI: 7