Adaptively secure ciphertext-policy attribute-based encryption with dynamic policy updating

Attribute-Based Encryption (ABE) is a promising new cryptographic technique which guarantees fine-grained access control of outsourced encrypted data in the cloud. With the help of ABE, the majority of security issues in accessing cloud data can be solved. However, a key limitation remains, namely policy updating. Whenever the access policy is updated, a common approach is to have the data owner retrieve the data and re encrypt it with new policy, before sending the new ciphertext back to the cloud. This straight-forward approach will lead to heavy computation and communication overhead. Although a number of other approaches have been proposed in this regard, they suffer from two limitations; namely, supporting only limited update-policy types or having weak security models. In order to address these limitations, we propose a novel solution to the attribute-based encryption access control system by introducing a dynamic policy-updating technique which we call DPU-CP-ABE. The scheme is proved to be adaptively secure under the standard model and can support any type of policy updating. In addition, our scheme can significantly reduce the computation and communication costs of updating ciphertext.