Full Text:   <401>

Summary:  <188>

CLC number: TP309.2

On-line Access: 2018-12-14

Received: 2018-06-27

Revision Accepted: 2018-11-11

Crosschecked: 2018-11-27

Cited: 0

Clicked: 1211

Citations:  Bibtex RefMan EndNote GB/T7714

-   Go to

Article info.
Open peer comments

Frontiers of Information Technology & Electronic Engineering  2018 Vol.19 No.11 P.1362-1384


Generic user revocation systems for attribute-based encryption in cloud storage

Author(s):  Genlang Chen, Zhiqian Xu, Hai Jiang, Kuan-ching Li

Affiliation(s):  Institute of Ningbo Technology, Zhejiang University, Ningbo 315000, China; more

Corresponding email(s):   cgl@zju.edu.cn, zhiqian.xu@gmail.com, hjiang@astate.edu, kuancli@pu.edu.tw

Key Words:  Attribute-based encryption, Generic user revocation, User privacy, Cloud storage, Access control

Genlang Chen, Zhiqian Xu, Hai Jiang, Kuan-ching Li. Generic user revocation systems for attribute-based encryption in cloud storage[J]. Frontiers of Information Technology & Electronic Engineering, 2018, 19(11): 1362-1384.

@article{title="Generic user revocation systems for attribute-based encryption in cloud storage",
author="Genlang Chen, Zhiqian Xu, Hai Jiang, Kuan-ching Li",
journal="Frontiers of Information Technology & Electronic Engineering",
publisher="Zhejiang University Press & Springer",

%0 Journal Article
%T Generic user revocation systems for attribute-based encryption in cloud storage
%A Genlang Chen
%A Zhiqian Xu
%A Hai Jiang
%A Kuan-ching Li
%J Frontiers of Information Technology & Electronic Engineering
%V 19
%N 11
%P 1362-1384
%@ 2095-9184
%D 2018
%I Zhejiang University Press & Springer
%DOI 10.1631/FITEE.1800405

T1 - Generic user revocation systems for attribute-based encryption in cloud storage
A1 - Genlang Chen
A1 - Zhiqian Xu
A1 - Hai Jiang
A1 - Kuan-ching Li
J0 - Frontiers of Information Technology & Electronic Engineering
VL - 19
IS - 11
SP - 1362
EP - 1384
%@ 2095-9184
Y1 - 2018
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/FITEE.1800405

Cloud-based storage is a service model for businesses and individual users that involves paid or free storage resources. This service model enables on-demand storage capacity and management to users anywhere via the Internet. Because most cloud storage is provided by third-party service providers, the trust required for the cloud storage providers and the shared multi-tenant environment present special challenges for data protection and access control. attribute-based encryption (ABE) not only protects data secrecy, but also has ciphertexts or decryption keys associated with fine-grained access policies that are automatically enforced during the decryption process. This enforcement puts data access under control at each data item level. However, ABE schemes have practical limitations on dynamic user revocation. In this paper, we propose two generic user revocation systems for ABE with user privacy protection, user revocation via ciphertext re-encryption (UR-CRE) and user revocation via cloud storage providers (UR-CSP), which work with any type of ABE scheme to dynamically revoke users.


摘要:云存储是面向企业和个人用户的服务模型,包括付费和免费两种方式。基于云存储服务模型,用户通过互联网随时随地享受云存储提供的存储服务和管理功能。由于大多数云存储由第三方服务商提供,因此在数据保护和访问控制方面,云存储提供商和共享多租户环境下可信任性面临极大挑战。基于属性加密(attribute-based encryption,ABE)不仅保护数据的机密性,而且其中的密文或解密密钥与相关细粒度访问策略有关,这些策略在解密过程中被自动执行,使每个数据级别的数据访问处于控制之下。但是,在实际动态用户撤销应用中该方案有一定局限性。提出两种具有隐私保护功能的基于属性加密的通用型用户撤销系统:通过密文重加密(user revocation via ciphertext re-encryption,UR-CRE)实现的用户撤销系统和通过云存储提供商(user revocation via cloud storage providers,UR-CSP)实现的用户撤销系统。这两种系统可以与任意类型基于属性加密的方案协作,实现动态撤销用户。


Darkslateblue:Affiliate; Royal Blue:Author; Turquoise:Article


[1]Attrapadung N, Libert B, de Panafieu E, 2011. Expressive key-policy attribute-based encryption with constant-size ciphertexts. LNCS, 6571:90-108.

[2]Attrapadung N, Herranz J, Laguillaumie F, et al., 2012. Attribute-based encryption schemes with constant-size ciphertexts. Theor Comput Sci, 422(9):15-38.

[3]Au MH, Tsang PP, Susilo W, et al., 2009. Dynamic universal accumulators for DDH groups and their application to attribute-based anonymous credential systems. LNCS, 5473:295-308.

[4]Benaloh J, de Mare M, 1993. One-way accumulators: a decentralized alternative to digital signatures. LNCS, 765:274-285.

[5]Bethencourt J, Sahai A, Waters B, 2007. Ciphertext-policy attribute-based encryption. Proc IEEE Symp on Security and Privacy, p.321-334.

[6]Boneh D, Franklin M, 2003. Identity-based encryption from the Weil pairing. SIAM J Comput, 32(3):586-615.

[7]Brickell E, Camenisch J, Chen LQ, 2004. Direct anonymous attestation. Proc 11th ACM Conf on Computer and Communications Security, p.132-145.

[8]Camenisch J, Lysyanskaya A, 2002. Dynamic accumulators and application to efficient revocation of anonymous credentials. LNCS, 2442:61-76.

[9]Canetti R, Halevi S, Katz J, 2004. Chosen-ciphertext security from identity-based encryption. LNCS, 3027:207-222.

[10]Carroll M, van der Merwe A, Kotzé P, 2011. Secure cloud computing: benefits, risks and controls. Information Security South Africa, p.1-9.

[11]Chase M, 2007. Multi-authority attribute based encryption. Proc 4th Conf on Theory of Cryptography, p.515-534.

[12]Chase M, Chow SS, 2009. Improving privacy and security in multi-authority attribute-based encryption. Proc 16th ACM Conf on Computer and Communications Security, p.121-130.

[13]Chen C, Zhang ZF, Feng DG, 2011. Efficient ciphertext policy attribute-based encryption with constant-size ciphertext and constant computation-cost. LNCS, 6980:84-101.

[14]Chen C, Chen J, Lim HW, et al., 2013. Fully secure attribute-based systems with short ciphertexts/signatures and threshold access structures. LNCS, 7779:50-67.

[15]Cheung L, Newport C, 2007. Provably secure ciphertext policy ABE. Proc 14th ACM Conf on Computer and Communications Security, p.456-465.

[16]Chow R, Golle P, Jakobsson M, et al., 2009. Controlling data in the cloud: outsourcing computation without outsourcing control. Proc ACM Cloud Computing Security Workshop, p.85-90.

[17]Emura K, Miyaji A, Nomura A, et al., 2009. A ciphertext-policy attribute-based encryption scheme with constant ciphertext length. LNCS, 5451:13-23.

[18]Gibson J, Rondeau R, Eveleig D, et al., 2012. Benefits and challenges of three cloud computing service models. 4th Int Conf on Computational Aspects of Social Networks, p.198-205.

[19]Goyal V, Pandey O, Sahai A, et al., 2006. Attribute-based encryption for fine-grained access control of encrypted data. Proc 13th ACM Conf on Computer and Communications Security, p.89-98.

[20]Goyal V, Jain A, Pandey O, et al., 2008. Bounded ciphertext policy attribute based encryption. LNCS, 5126:579-591.

[21]Han JG, Susilo W, Mu Y, et al., 2012. Privacy-preserving decentralized key-policy attribute-based encryption. IEEE Trans Parall Distrib Syst, 23(11):2150-2162.

[22]Hayes B, 2008. Cloud computing. Commun ACM, 51(7):9-11.

[23]Herranz J, Laguillaumie F, R‘afols C, 2010. Constant size ciphertexts in threshold attribute-based encryption. LNCS, 6056:19-34.

[24]Hur J, Noh DK, 2011. Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans Parall Distrib Syst, 22(7):1214-1221.

[25]Ibraimi L, Tang Q, Hartel P, et al., 2009. Efficient and provable secure ciphertext-policy attribute-based encryption schemes. LNCS, 5451:1-12.

[26]Jahid S, Mittal P, Borisov N, 2011. Easier: encryption-based access control in social networks with efficient revocation. Proc 6th ACM Symp on Information, Computer and Communications Security, p.411-415.

[27]Junod P, Karlov A, 2010. An efficient public-key attribute-based broadcast encryption scheme allowing arbitrary access policies. Proc 10th Annual ACM Workshop on Digital Rights Management, p.13-24.

[28]Karchmer M, Wigderson A, 1993. On span programs. Proc 8th Annual Structure in Complexity Theory Conf, p.102-111.

[29]Lewko A, Waters B, 2011. Decentralizing attribute-based encryption. LNCS, 6632:568-588.

[30]Lewko A, Sahai A, Waters B, 2010a. Revocation systems with very small private keys. IEEE Symp on Security and Privacy, p.273-285.

[31]Lewko A, Okamoto T, Sahai A, et al., 2010b. Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. LNCS, 6110:linebreak 62-91.

[32]Li J, Huang Q, Chen XF, et al., 2011. Multi-authority ciphertext-policy attribute-based encryption with accountability. Proc ACM Symp on Information, Computer and Communications Security, p.386-390.

[33]Lin H, Cao ZF, Liang XH, et al., 2008. Secure threshold multi authority attribute based encryption without a central authority. LNCS, 5365:426-436.

[34]Miller HG, Veiga J, 2009. Cloud computing: will commodity services benefit users long term? IT Prof, 11(6):57-59.

[35]Nguyen L, 2005. Accumulators from bilinear pairings and applications. LNCS, 3376:275-292.

[36]Okamoto T, Takashima K, 2010. Fully secure functional encryption with general relations from the decisional linear assumption. LNCS, 6223:191-208.

[37]Ostrovsky R, Sahai A, Waters B, 2007. Attribute-based encryption with non-monotonic access structures. Proc 14th ACM Conf on Computer and Communications Security, p.195-203.

[38]Parno B, Raykova M, Vaikuntanathan V, 2012. How to delegate and verify in public: verifiable computation from attribute-based encryption. LNCS, 7194:422-439.

[39]Pirretti M, Traynor P, McDaniel P, et al., 2006. Secure attribute-based systems. Proc 13th ACM Conf on Computer and Communications Security, p.99-112.

[40]Ren K, Wang C, Wang Q, 2012. Security challenges for the public cloud. IEEE Int Comput, 16(1):69-73.

[41]Sahai A, Waters B, 2005. Fuzzy identity-based encryption. LNCS, 3494:457-473.

[42]Sahai A, Seyalioglu H, Waters B, 2012. Dynamic credentials and ciphertext delegation for attribute-based encryption. LNCS, 7417:199-217.

[43]Shamir A, 1979. How to share a secret. Commun ACM, 22(11):612-613.

[44]Wang C, Wang Q, Ren K, et al., 2009. Ensuring data storage security in cloud computing. 17th Int Workshop on Quality of Service, p.1-9.

[45]Wang GJ, Liu Q, Wu J, et al., 2011. Hierarchical attribute-based encryption and scalable user revocation for sharing data in cloud servers. Comput Secur, 30(5):320-331.

[46]Wang ZJ, Huang DJ, 2018. Privacy-preserving mobile crowd sensing in ad hoc networks. Ad Hoc Networks, 73:14-26.

[47]Wang ZJ, Huang DJ, Wu HJ, et al., 2014. Towards distributed privacy-preserving mobile access control. IEEE Global Communications Conf, p.582-587.

[48]Wang ZJ, Huang DJ, Zhu Y, et al., 2015. Efficient attribute-based comparable data access control. IEEE Trans Comput, 64(12):3430-3443.

[49]Waters B, 2011. Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. LNCS, 6571:53-70.

[50]Weiss A, 2007. Computing in the clouds. NetWorker, 11(4):16-25.

[51]Xu ZQ, Martin KM, 2012. Dynamic user revocation and key refreshing for attribute-based encryption in cloud storage. 11th IEEE Int Conf on Trust, Security and Privacy in Computing and Communications, p.844-849.

[52]Xu ZQ, Martin KM, 2013. A practical deployment framework for use of attribute-based encryption in data protection. IEEE 10th Int Conf on High Performance Computing and Communications & IEEE Int Conf on Embedded and Ubiquitous Computing, p.1593-1598.

[53]Yang K, Jia XH, Ren K, 2013. Attribute-based fine-grained access control with efficient revocation in cloud storage systems. Proc 8th ACM SIGSAC Symp on Information, Computer and Communications Security, p.523-528.

[54]Yu SC, Ren K, Lou WJ, 2008. Attribute-based content distribution with hidden policy. 4th Workshop on Secure Network Protocols, p.39-44.

[55]Yu SC, Wang C, Ren K, et al., 2010. Achieving secure, scalable, and fine-grained data access control in cloud computing. Proc IEEE INFOCOM, p.534-542.

Open peer comments: Debate/Discuss/Question/Opinion


Please provide your name, email address and a comment

Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou 310027, China
Tel: +86-571-87952783; E-mail: cjzhang@zju.edu.cn
Copyright © 2000 - Journal of Zhejiang University-SCIENCE