The Research Of The Attribute Revocation For Attribute-based Encryption In Cloud Computing Enviroment

Information security in cloud computing environment has attracted more and more attentionwith the development of cloud computing, it is a powerful way to protect data safety by accessingcontrol system in this environment. Attribute-Based Encryption shows good performance in theaccess control model of one-to-many, fitting for large-scale access control in cloud environment.However, the attributes revocation is a key point to whether Attribute-Based Encryption couldperform outstandingly in real applications.In this paper, we have proposed two schemes of the attributes revocation for Attribute-BasedEncryption in cloud computing environment (REK-ABE and REC-ABE). In the REK-ABE scheme,the key is segmented by introducing the special attribute set which combines with the traditionalattribute set to constitute a new access control tree. Part of the key is sent to the user,while anotherpart is stored in the proxy server. The part of the key stored in the proxy server will be re-encrypteddifferently before its transmission to the user. In this way, only legitimate users who own thecompleted key could successfully decrypt the ciphertext; In the REC-ABE scheme, new algorithmsteps are added to the basis of CP-ABE, the ciphertext will be re-encrypted differently before itstransmission to the user, in the same way, only legitimate users who receive the proper ciphertextcould successfully decrypt the ciphertext. Both of the two schemes maintain a revocation list on theproxy server. Whether the user is legitimate or not depends on the revocation list. The performancesof attributes revocation of the two schemes are improved by using proxy re-encryption.The two schemes proposed in this paper could achieve the purpose of system revocation, usersrevocation, attributes revocation and instant revocation. By introducing proxy server, both of thetwo schemes reduce the workload of the authorized institution and the interaction betweenauthorized institution and the user. Moreover, the two schemes have better performance thantraditional version number revocation scheme in the attributes revocation capability. Security proofof the two schemes are proposed in this paper. In addition, both schemes are applied to cloudingaccess control models. Comparison evaluation and performance analysis of those two schemes areproposed as well.