Make revocation cheaper: Hardware-based revocable attribute-based encryption

Author

Xiaoguo LI
Guomin YANG, Singapore Management UniversityFollow
Tao XIANG
Shengmin XU
Bowen ZHAO
Robert H. DENG, Singapore Management UniversityFollow
Hwee Hwa PANG, Singapore Management UniversityFollow

Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

5-2024

Abstract

As an advanced one-to-many public key encryption system, attribute-based encryption (ABE) is widely believed to be a promising technology for achieving flexible and fine-grained access control of encrypted data on untrusted storage servers (e.g., public cloud servers). However, user revocation in ABE is a critical but challenging problem, and designing efficient revocable ABE has been an active research topic in the past decade. Almost all the existing revocable ABE schemes incorporate a timestamp in the encryption algorithm such that revoked users cannot decrypt ciphertexts generated in future time intervals. To prevent revoked users from decrypting past ciphertexts, the storage server needs to perform a process called ciphertext delegation (Sahai et al., CRYPTO’12) that periodically updates the timestamp for all ciphertexts. As the number of ciphertexts could be huge in a storage system, ciphertext delegation could pose a huge computation overhead to the server.Motivated by the popularity of commodity Trusted Execution Environment (TEE) technologies, this paper initiates the study on hardware-based revocable ABE (HR-ABE) to eliminate the (unscalable) ciphertext delegation and prevent collusion attacks between an untrusted storage server and revoked users. We formalize this new notion and present an efficient HR-ABE construction that also supports outsourced decryption for resource-constrained data users. Furthermore, HR-ABE is also designed to address the potential secret leakage problem suffered by TEE (e.g., due to side-channel attacks) so that the leakage of secrets possessed by TEE does not lead to leakage of user data. We prove HR-ABE’s security formally and benchmark its performance experimentally.

Discipline

Information Security

Research Areas

Information Systems and Management

Areas of Excellence

Digital transformation

Publication

Proceedings of the 2024 IEEE Symposium on Security and Privacy (SP), San Francisco, California, May 19-23

First Page

3109

Last Page

3127

Identifier

10.1109/SP54263.2024.00100

Publisher

IEEE

City or Country

Piscataway, NJ

Citation

LI, Xiaoguo; YANG, Guomin; XIANG, Tao; XU, Shengmin; ZHAO, Bowen; DENG, Robert H.; and PANG, Hwee Hwa. Make revocation cheaper: Hardware-based revocable attribute-based encryption. (2024). Proceedings of the 2024 IEEE Symposium on Security and Privacy (SP), San Francisco, California, May 19-23. 3109-3127.
Available at: https://ink.library.smu.edu.sg/sis_research/9533

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1109/SP54263.2024.00100