Title | An Improvement on “CryptCloud$^+$: Secure and Expressive Data Access Control for Cloud Storage” |
Publication Type | Journal Article |
Year of Publication | 2022 |
Authors | Cheng, Leixiao, Meng, Fei |
Journal | IEEE Transactions on Services Computing |
Pagination | 1–2 |
ISSN | 1939-1374 |
Keywords | abe, Access Control, auditing, Authority Accountability, cloud computing, composability, Computer bugs, Electronic mail, Encryption, Mathematics, Metrics, pubcrawl, public key cryptography, resilience, Resiliency, revocation, Traceability, white box cryptography |
Abstract | Recently, Ning et al. proposed the "CryptCloud$^+$: Secure and Expressive Data Access Control for Cloud Storage" in IEEE Transactions on Services Computing. This work provided two versatile ciphertext-policy attribute-based encryption (CP-ABE) schemes to achieve flexible access control on encrypted data, namely ATER-CP-ABE and ATIR-CP-ABE, both of which have attractive advantages, such as white-box malicious user traceability, semi-honest authority accountability, public auditing and user revocation. However, we find a bug of access control in both schemes, i.e., a non-revoked user with attribute set $S$ can decrypt the ciphertext $ct$ encrypted under any access policy $(A,\rho)$, regardless of whether $S$ satisfies $(A,\rho)$ or not. This paper carefully analyzes the bug, and makes an improvement on Ning's pioneering work, so as to fix it. |
Notes | Conference Name: IEEE Transactions on Services Computing |
DOI | 10.1109/TSC.2022.3210114 |
Citation Key | cheng_improvement_2022 |