Conference: 2015 International Conference on Cloud Technologies and Applications

Decentralized attribute-based encryption scheme with scalable revocation for sharing data in public cloud servers


Abstract

With the rapid development of cloud computing, it is attractive for enterprise companies to outsource their data files for sharing in cloud servers, as cloud computing can offer desirable characteristics, such as on-demand self-service, broad network access, and rapid elasticity. However, by uploading data files onto cloud servers, data owners (i.e. the companies) will lose control over their own data. This makes it essential to use attribute-based encryption (ABE), because it can help to protect data confidentiality by uploading data files in encrypted form. In addition, it can help to facilitate granting access to data by allowing only authorized users to decrypt the encrypted data files based on a set of attributes. However, this ABE approach raises three key issues. The first is the complexity of user secret key management for large-scale cloud environments. The second is the complexity of revoking users' access rights. The third is the computational complexity involved in assigning user rights, encrypting and accessing data files. This paper addresses these three issues by proposing a decentralized ciphertext-policy ABE scheme (CP-DABE) for a large-scale cooperative cloud environment. The scheme reduces the complexity of user secret key management by providing a secure attribute delegation service between a master authority and a number of attribute authorities. The scheme also reduces the complexity of the revocation process by using the proxy re-encryption technique to revoke any user's access right. In addition, compared with most related work, the scheme reduces the computational requirements for assigning user rights, encrypting and accessing data files. The scheme can support any LSSS access structure. In this paper, the cryptographic construction of the CP-DABE scheme is presented, and its efficiency is analyzed and compared with most related work. The security of the CP-DABE scheme is discussed and selectively proved against chosen-plaintext attacks under the decisional Bilinear Diffie-Hellman Exponent assumption. Finally, ideas to extend the CP-DABE scheme are discussed.
