ABE has become an effective tool for data protection in cloud computing. However, since users possessing the same attributes share the same private keys, there exist some malicious users exposing their private keys deliberately for illegal data sharing without being detected, which will threaten the security of the cloud system. Such issues remain in many current ABE schemes since the private keys are rarely associated with any user specific identifiers. In order to achieve user accountability as well as provide key exposure protection, in this paper, we propose a key-insulated ciphertext policy attribute based encryption with key exposure accountability (KI-CPABE-KEA). In our scheme, data receiver can decrypt the ciphertext if the attributes he owns match with the self-centric policy which is set by the data owner. Besides, a unique identifier is embedded into each user’s private key. If a malicious user exposes his private key for illegal data sharing, his identity can be exactly pinpointed by system manager. The key-insulation mechanism guarantees forward and backward security when key exposure happens as well as provides efficient key updating for users in the cloud system. The higher efficiency with proved security make our KI-CPABE-KEA more appropriate for secure data sharing in cloud computing.
ABE, Accountability, Key exposure protection, Key-insulated, Secure
Databases and Information Systems | Information Security
KSII Transactions on Internet and Information Systems
HONG, Hanshu; SUN, Zhixin; and LIU, Ximeng.
A key-insulated CP-ABE with key exposure accountability for secure data sharing in the cloud. (2016). KSII Transactions on Internet and Information Systems. 10, (5), 2394-2406. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/3626
Copyright Owner and License
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.