Publication Type

Journal Article

Version

acceptedVersion

Publication Date

8-2016

Abstract

In this paper, we propose a revocable and decentralized attribute-based encryption (ABE) system that splits the task of decryption key generation across multiple attribute authorities (AAs) without requiring any central party such that it achieves attribute revocation by simply stopping updating of the corresponding private key. In our system, a party can easily behave as an AA by creating a public and private key pair without any global communication except the creation for the common system parameters, under which it can periodically issue/update private key components for users that reflect their attributes, and an AA can freely leave the system once its corresponding attribute is revoked without communication with other AAs. In addition, to revoke a user, those AAs that have issued private keys to this user easily cease the key updating process for the user without affecting other AAs' execution. For the construction of our system, the technical barrier is to make private keys collusion resistant. Since in our system each component of a user's private key at a time period may come from different AAs and there is no coordination between these AAs, traditional technique of binding together different components (issued by different AAs) of a private key by randomization cannot be employed. To overcome this, we tie the key components together and prevent collusion attacks between different users by embedding distinct identifiers and a commonly shared time attribute in these components.

Keywords

revocation, decentralization, ABE

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Computer Journal

Volume

59

Issue

8

First Page

1220

Last Page

1235

ISSN

0010-4620

Identifier

10.1093/comjnl/bxw007

Publisher

Oxford University Press (OUP): Policy A - Oxford Open Option A

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1093/comjnl/bxw007

Share

COinS