Attribute-Based Proxy Re-Encryption With Direct Revocation Mechanism for Data Sharing in Clouds

• Published in: IEEE transactions on dependable and secure computing Vol. 21; no. 2; pp. 949 - 960
• Main Authors: Ge, Chunpeng, Susilo, Willy, Liu, Zhe, Baek, Joonsang, Luo, Xiapu, Fang, Liming
• Format: Journal Article
• Language: English
• Published: Washington IEEE 01.03.2024; IEEE Computer Society
• Subjects: Attribute-based encryption; Cloud computing; Collaboration; Data encryption; data sharing; Encryption; Information sharing; Maintenance engineering; Neuroscience; revocation; Servers; Systems architecture
• ISSN: 1545-5971; 1941-0018
• DOI: 10.1109/TDSC.2023.3265979

Cloud computing, which provides adequate storage and computation capability, has been a prevalent information infrastructure. Secure data sharing is a basic demand when data was outsourced to a cloud server. Attribute-based proxy re-encryption has been a promising approach that allows secure encrypted data sharing on clouds. With attribute-based proxy re-encryption, a delegator can designate a set of shared users through issuing a re-encryption key which will be used by the cloud server to transform the delegator's encrypted data to the shared users'. However, the existing attribute-based proxy re-encryption schemes lack a mechanism of revoking users from the sharing set which is critical for data sharing systems. Therefore, in this article, we propose a concrete attribute-based proxy re-encryption with direct revocation mechanism (ABPRE-DR) for encrypted data sharing that enables the cloud server to directly revoke users from the original sharing set involved in the re-encryption key. We implemented the new schemes and evaluated its performance. The experimental results show that the proposed ABPRE-DR scheme is efficient and practical.