Paper 2017/1100

IR-CP-ABE: Identity Revocable Ciphertext-Policy Attribute-Based Encryption for Flexible Secure Group-Based Communication

Weijia Wang, Zhijie Wang, Bing Li, Qiuxiang Dong, and Dijiang Huang

Abstract

Ciphertext-Policy Attribute-Based Encryp- tion (CP-ABE) is an access control mechanism over encrypted data and well suited for secure group-based communication. However, it also suffers from the fol- lowing problem, i.e., it is impossible to build all de- sired groups. For example, if two group members have exactly the same attributes, how to construct a group including only one of the two members? Obviously, at- tributes alone cannot distinguish these two members, therefore existing CP-ABE solutions do not work. To address this issue, in this paper, we present a new CP-ABE scheme (called IR-CP-ABE) that incorporates an Identity-based Revocation capability. With IR-CP-ABE, an access policy will be constructed by not only group members’ attributes but also their identities. To build a group, first, build a candidate group based on all de- sired group members’ attributes; second, remove unde- sired members by revoking their identities. By evaluat- ing the security and efficiency of a proposed construc- tion, we show that the IR-CP-ABE scheme is secure and efficient for practical applications.