Title :
User revocation for data sharing based on broadcast CP-ABE in cloud computing
Author :
Li, Shuanbao ; Fu, Jianming
Author_Institution :
Key Lab of Aerospace Information Security and Trusted Computing Ministry of Education, Wuhan University, China
Abstract :
The cloud service can not only achieve data sharing but also protect data confidentiality against unauthorized users. User revocation is the most difficult problem in the cloud, because revocation of any single user would affect others who share a common attribute space. In this paper, we apply Broadcast Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and attribute segmentation to deal with this problem, and give a concrete construction to further achieve scalable user revocation. Broadcast CP-ABE is a direct revocation architecture in which fine-grained revocation can be done without affecting any non-revoked users. Attribute segmentation decides whether to instantaneously revoke user authorization according to an attribute subset. Our contributions are summarized as follows. Firstly, we resolve this problem by considering cloud service application scenarios in which a dishonest cloud service is available. Secondly, in our scheme the owner can directly revoke multiple users, and the user mediator may revoke a single user with its attribute subset, so that the system needn't periodically update the private key. Thirdly, colluders cannot decrypt the private content. We attain this by integrating Broadcast CP-ABE with the technique of attribute segmentation, and redefine under the decisional bilinear Diffie-Hellman (DBDH) assumption. Finally, our scheme is provably secure against adaptive chosen-ciphertext attack. In addition, we show our scheme can also be applicable to the PHR service.
Keywords :
Attribute segmentation; Direct revocation; Full collusion resistance; Non-periodically updating;
Conference_Title :
Communications Security Conference (CSC 2014), 2014
Conference_Location :
Beijing
DOI :
10.1049/cp.2014.0745