Biblio

Since a lot of information is outsourcing into cloud servers, data confidentiality becomes a higher risk to service providers. To assure data security, Ciphertext Policy Attributes-Based Encryption (CP-ABE) is observed for the cloud environment. Because ciphertexts and secret keys are relying on attributes, the revocation issue becomes a challenge for CP-ABE. This paper proposes an encryption access control (EAC) scheme to fulfill policy revocation which covers both attribute and user revocation. When one of the attributes in an access policy is changed by the data owner, the authorized users should be updated immediately because the revoked users who have gained previous access policy can observe the ciphertext. Especially for data owners, four types of updating policy levels are predefined. By classifying those levels, each secret token key is distinctly generated for each level. Consequently, a new secret key is produced by hashing the secret token key. This paper analyzes the execution times of key generation, encryption, and decryption times between non-revocation and policy revocation cases. Performance analysis for policy revocation is also presented in this paper.

Ciphertext-policy Attributes-based Encryption (CP-ABE) is an encouraging cryptographic mechanism. It behaves an access control mechanism for data security. A ciphertext and secret key of user are dependent upon attributes. As a nature of CP-ABE, the data owner defines access policy before encrypting plaintext by his right. Therefore, CP-ABE is suitable in a real environment. In CP-ABE, the revocation issue is demanding since each attribute is shared by many users. A policy-based revolutionary CP-ABE scheme is proposed in this paper. In the proposed scheme, revocation takes place in policy level because a policy consists of threshold attributes and each policy is identified as a unique identity number. Policy revocation means that the data owner updates his policy identity number for ciphertext whenever any attribute is changed in his policy. To be a flexible updating policy control, four types of updating policy levels are identified for the data owner. Authorized user gets a secret key from a trusted authority (TA). TA updates the secret key according to the policy updating level done by the data owner. This paper tests personal health records (PHRs) and analyzes execution times among conventional CP-ABE, other enhanced CP-ABE and the proposed scheme.

Attributes-based encryption (ABE) is a promising cryptographic mechanism that provides a fine-grained access control for cloud environment. Since most of the parties exchange sensitive data among them by using cloud computing, data protection is very important for data confidentiality. Ciphertext policy attributes-based encryption (CP-ABE) is one of the ABE schemes, which performs an access control of security mechanisms for data protection in cloud storage. In CP-ABE, each user has a set of attributes and data encryption is associated with an access policy. The secret key of a user and the ciphertext are dependent upon attributes. A user is able to decrypt a ciphertext if and only if his attributes satisfy the access structure in the ciphertext. The practical applications of CP-ABE have still requirements for attributes policy management and user revocation. This paper proposed an important issue of policy revocation in CP-ABE scheme. In this paper, sensitive parts of personal health records (PHRs) are encrypted with the help of CP-ABE. In addition, policy revocation is considered to add in CP-ABE and generates a new secret key for authorized users. In proposed attributes based encryption scheme, PHRs owner changes attributes policy to update authorized user lists. When policy revocation occurs in proposed PHRs sharing system, a trusted authority (TA) calculates a partial secret token key according to a policy updating level and then issues new or updated secret keys for new policy. Proposed scheme emphasizes on key management, policy management and user revocation. It provides a full control on data owner according to a policy updating level what he chooses. It helps both PHRs owner and users for flexible policy revocation in CP-ABE without time consuming.