CP-ABE中的動態金鑰更新與委託機制

Abstract

Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a useful asymmetric encryption algorithm compared to traditional asymmetric cipher key systems. It enables encrypted data to be stored on cloud server with every of them retaining their own access permissions without the need of additionally define access control permission on the cloud server. In highly dynamic and heterogeneous cloud environment it is a challenging task to maintain data protections by just utilizing fine-grained access policy of CP-ABE. User rights management is made harder to implement on such systems without user interventions.

Currently there is no solution from the cryptosystem that supports efficient and direct key update and user revocations. Besides, backward secrecy and forward secrecy are not supported in the CP-ABE cryptosystem. Existing revocation methods are not encouraged to deploy in large cloud environment due to their high key processing overhead upon new user joining, revoked or being assigned with a new group key. In this paper, we proposed a method to dynamically authorize the users. The key feature of our model is the users do not have to involve in key revocation process. Our model utilizes different user authentication sessions to restrict their keys to a particular session and this approach could achieve direct user revocations within a group. The operation does not require re-encryption of existing ciphertext. Our method supports backward and (perfect) forward secrecy and is escrow-free. Lastly, we present that our method is efficient in the situation where users are changing groups frequently and our method is secured under chosen identity key attack.