Description

Cloud computing enables enterprises and individu2 als to outsource and share their data. This way, cloud computing 3 eliminates the heavy workload of local information infrastruc4 ture. Attribute-based encryption has become a promising solution 5 for encrypted data access control in clouds due to the ability 6 to achieve one-to-many encrypted data sharing. Revocation is a 7 critical requirement for encrypted data access control systems. 8 After outsourcing the encrypted attribute-based ciphertext to the 9 cloud, the data owner may want to revoke some recipients that 10 were authorized previously, which means that the outsourced 11 attribute-based ciphertext needs to be updated to a new one 12 that is under the revoked policy. The integrity issue arises when 13 the revocation is executed. When a new ciphertext with the 14 revoked access policy is generated by the cloud server, the data 15 recipient cannot be sure that the newly generated ciphertext 16 guarantees to be decrypted to the same plaintext as the originally 17 encrypted data, since the cloud server is provided by a third 18 party, which is not fully trusted. In this paper, we consider 19 a new security requirement for the revocable attribute-based 20 encryption schemes: integrity. We introduce a formal definition 21 and security model for the revocable attribute-based encryption 22 with data integrity protection (RABE-DI). Then, we propose 23 a concrete RABE-DI scheme and prove its confidentiality and 24 integrity under the defined security model. Finally, we present 25 an implementation result and provide performance evaluation 26 which shows that our scheme is efficient and practical.