Fine-grained user access control in ciphertext-policy attribute-based encryption

Key revocation is one of the most challenging and open issues in attribute-based encryption (ABE). The previous revocable ABE schemes feature a mechanism that revokes the attribute key periodically without any consideration of the user membership associated with the attribute. Thus, non-revoked users are enforced to access the key authority periodically to receive keying materials in order to update the current key. This is due to the fact that the revocation is done only on the attribute level, which results in security and scalability problems. In this paper, we propose a fine-grained user revocation scheme without affecting any non-revoked users who share the same attributes in ciphertext-policy ABE; it does not require the users to access the key authority and to update keys periodically. The proposed scheme improves the efficiency compared with previous revocable schemes and enhances the security in terms of the backward/forward secrecy on any membership changes in the ciphertext-policy ABE system. Copyright (C) 2011 John Wiley & Sons, Ltd.