Achieving Revocable Fine-Grained Cryptographic Access Control over Cloud Data

  • Yanjiang YangEmail author
  • Xuhua Ding
  • Haibing Lu
  • Zhiguo Wan
  • Jianying Zhou
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7807)


Attribute-based encryption (ABE) is well suited for fine-grained access control for data residing on a cloud server. However, existing approaches for user revocation are not satisfactory. In this work, we propose a new approach which works by splitting an authorized user’s decryption capability between the cloud and the user herself. User revocation is attained by simply nullifying the decryption ability at the cloud, requiring neither key update nor re-generation of cloud data. We propose a concrete scheme instantiating the approach, which features lightweight computation at the user side. This makes it possible for users to use resource-constrained devices such as mobile phones to access cloud data. We implement our scheme, and also empirically evaluate its performance.



This work is supported in part by A*STAR funded project SecDC-112172014 (Singapore), and the second author is funded by the Singapore Management University through the research grant MSS12C004 from the Ministry of Education Academic Research Fund Tier 1.


  1. 1.
    Attrapadung, N., Imai, H.: Attribute-based encryption supporting direct/indirect revocation modes. In: Proceedings IMA International Conference on Cryptography and Coding, pp. 278–300 (2009)Google Scholar
  2. 2.
    Beimel, A.: Secure schemes for secret sharing and key distribution, Ph.D. thesis, Israel Institute of Technology, Technion, Haifa, Israel (1996)Google Scholar
  3. 3.
    Blaze, M., Bleumer, G., Strauss, M.J.: Divertible protocols and atomic proxy cryptography. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 127–144. Springer, Heidelberg (1998) CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Ding, X., Tsudik, G., Wong, C.M.: A method for fast revocation of public key certificates and security capabilities. In: Proceedings USENIX Security (2001)Google Scholar
  5. 5.
    Bobba, R., Khurana, H., Prabhakaran, M.: A pracitically motivated enhancement to attribute-based encryption. In: Proceedings ESORICs (2009)Google Scholar
  6. 6.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: Proceedings IEEE S&P (2007)Google Scholar
  7. 7.
    Dodis, Y., Yampolskiy, A.: A verifiable random function with short proofs and keys. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 416–431. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  8. 8.
    Cloud security alliance: security guidance for critical areas of focus in cloud computing (2009).
  9. 9.
    European network and information security agency: cloud computing risk assessment (2009).
  10. 10.
    Gartner: don’t trust cloud provider to protect your corporate assets, 28 May 2012.
  11. 11.
    Green, M., Hohenberger, S., Waters, B.: Outsourcing the decryption of ABE ciphertexts. In: Proceedings USENIX Security (2011)Google Scholar
  12. 12.
    Goyal, V., Pandy, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings ACM CCS 2006 (2006)Google Scholar
  13. 13.
    Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust threshold DSS signatures. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 354–371. Springer, Heidelberg (1996) CrossRefGoogle Scholar
  14. 14.
    Liang, X., Cao, Z., Lin, H., Shao, J.: Attribute-based proxy re-encrytpion with delegating capabilities. In: Proceedings ACM ASIACCS 2009, pp. 276–286 (2009)Google Scholar
  15. 15.
    Liu, J., Wan, Z., Gu, M.: Hierarchical attribute-set based encryption for scalable, flexible and fine-grained access control in cloud computing. In: Proceedings 7th Information Security Practice and Experience Conference, ISPEC 2011 (2011)Google Scholar
  16. 16.
    Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: Proceedings ACM CCS 2007, pp. 195–203 (2007)Google Scholar
  17. 17.
    Shoup, V., Gennaro, R.: Securing threshold cryptosystems against chosen ciphertext attack. J. Cryptol. 15(2), 75–96 (2002)zbMATHMathSciNetCrossRefGoogle Scholar
  18. 18.
    Waters, B.: Ciphertext-policy attribute-Based encryption: an expressive, efficient, and provably aecure realization. In: Proceedings Practice and Theory in Public Key Cryptography, PKC 2011, pp. 53–70 (2011)Google Scholar
  19. 19.
    Wang, G., Liu, Q., Wu, J.: Hierarhical attribute-based encryption for fine-grained access control in cloud storage services. In: Proceedings ACM CCS 2010 (2010)Google Scholar
  20. 20.
    Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. In: Proceedings IEEE INFOCOM 2010 (2010)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Yanjiang Yang
    • 1
    Email author
  • Xuhua Ding
    • 2
  • Haibing Lu
    • 3
  • Zhiguo Wan
    • 4
  • Jianying Zhou
    • 1
  1. 1.Institute for Infocomm ResearchSingaporeSingapore
  2. 2.School of Information SystemsSingapore Management UniversitySingaporeSingapore
  3. 3.The Leavey School of BusinessSanta Clara UniversitySanta ClaraUSA
  4. 4.School of SoftwareTsinghua UniversityBeijingChina

Personalised recommendations