QI Yanjiao1, LI Yanping1*, LU Laifeng1, HUANG Meijuan2
(1 School of Mathematics and Information Science, Shaanxi Normal University, Xi′an 710119, Shaanxi, China; 2 School of Mathematics and Information Science, Baoji University of Arts and Sciences, Baoji 721013, Shaanxi, China)
Abstract:
Based on the CP-ABE algorithm, this paper proposes an attribute-based encryption scheme for cloud storage that supports dynamic revocation of registered users. The ciphertext is encrypted with the partial key k from the cloud storage center and with s from the data owners, where s is hidden in the access structure. Users whose attributes satisfy the access structure can reconstruct s and decrypt the plain data, because the blinding factor in the ciphertext can be eliminated with the partial key k. After a registered legal user is revoked, the cloud storage center updates the original symmetric key k to k′, as well as the partial ciphertext of the data, which prevents the revoked users from decrypting the data and provides backward security for the shared data. Unrevoked users only need to update their partial private key, after which they can decrypt the updated ciphertext normally. The whole scheme requires lower computation, updating storage and communication costs.
Keywords:
cloud storage; ciphertext-policy attribute-based encryption; backward security; access control