Document Type: Research Article


Department of Electrical and Computer Engineering, Tarbiat Modares University, Tehran, Iran.


Reliable access control is a major challenge of cloud storage services. This paper presents a cloud-based file-sharing architecture with a ciphertext-policy attribute-based encryption (CP-ABE) access control mechanism. In CP-ABE, the data owner specifies the access structure of the ciphertext, and a user can decrypt the ciphertext only if the user's key satisfies this access structure. The trusted authority embeds the private key of each attribute in a so-called attribute access polynomial and stores its coefficients publicly on the cloud. By means of the access polynomial, each authorized user can retrieve the private key of the attribute by using her/his own pre-shared key. The data owner, in turn, encrypts the file with a randomly selected key, namely the cipher key, and then encrypts the cipher key with the CP-ABE scheme under the desired policies. Further, the data owner can create a different polynomial, called the query access polynomial, for multi-keyword searching. Finally, the data owner places the encrypted file in the cloud alongside the encrypted cipher key and the query access polynomial. The proposed scheme supports fast attribute revocation: the corresponding access polynomial is updated and the affected cipher keys are re-encrypted by the cloud server. Moreover, most of the calculations in the decryption and searching phases are outsourced to the cloud server, thereby allowing lightweight nodes with limited resources to act as data users. Our analysis shows that the proposed scheme is both secure and efficient.
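The access-polynomial idea described above, as an added illustration that is not code from the paper: the abstract does not give the construction, so this sketch uses the textbook form A(x) = ∏(x − H(salt‖k_i)) + K over a prime field and shows key recovery by an authorized user and revocation by republishing the polynomial. The modulus, hash, salt handling and all function names are assumptions.

```python
import hashlib
import secrets

P = 2**127 - 1  # prime field modulus (assumption; the abstract names no parameters)

def point(pre_shared_key: bytes, salt: bytes) -> int:
    """Map a pre-shared key to a field element. The salt is fresh per polynomial,
    so the roots of A(x) - K expose only salted hashes, not the keys themselves."""
    digest = hashlib.sha256(salt + pre_shared_key).digest()
    return int.from_bytes(digest, "big") % P

def build_access_polynomial(attr_key: int, user_keys, salt: bytes):
    """Coefficients (lowest degree first) of prod(x - point(k)) + attr_key mod P."""
    coeffs = [1]
    for k in user_keys:
        root = point(k, salt)
        nxt = [0] * (len(coeffs) + 1)
        for i, c in enumerate(coeffs):      # multiply current product by (x - root)
            nxt[i] = (nxt[i] - root * c) % P
            nxt[i + 1] = (nxt[i + 1] + c) % P
        coeffs = nxt
    coeffs[0] = (coeffs[0] + attr_key) % P  # hide the attribute key in the constant term
    return coeffs

def recover(coeffs, pre_shared_key: bytes, salt: bytes) -> int:
    """Evaluate the public polynomial at the caller's own point (Horner's rule)."""
    x, acc = point(pre_shared_key, salt), 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def demo():
    # Constructed sample users with random pre-shared keys.
    users = {n: secrets.token_bytes(16) for n in ("alice", "bob", "carol")}
    salt1, key1 = secrets.token_bytes(16), secrets.randbelow(P)
    poly1 = build_access_polynomial(key1, users.values(), salt1)
    # Revoke bob: new attribute key, new salt, polynomial rebuilt without him.
    salt2, key2 = secrets.token_bytes(16), secrets.randbelow(P)
    remaining = [k for n, k in users.items() if n != "bob"]
    poly2 = build_access_polynomial(key2, remaining, salt2)
    return {
        "all_before": all(recover(poly1, k, salt1) == key1 for k in users.values()),
        "alice_after": recover(poly2, users["alice"], salt2) == key2,
        "bob_after": recover(poly2, users["bob"], salt2) == key2,
        "outsider": recover(poly1, secrets.token_bytes(16), salt1) == key1,
    }

if __name__ == "__main__":
    print(demo())
```

Revocation only protects data encrypted after the update if the attribute key itself changes, which is why the sketch draws a new key and salt rather than just dropping one factor.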

