OE-CP-ABE: Over-encryption based CP-ABE scheme for efficient policy updating

Abstract

Ciphertext-Policy Attribute Based Encryption (CP-ABE) is a promising technique to enable fine-grained access control for data storage and sharing. In CP-ABE, data are encrypted with an access policy on attributes, so the frequent policy updating has always been a challenging issue for data owners. A trivial method is to let data owners retrieve the data and re-encrypt it under the new access policy, and then send it back to the server. However, this method incurs high communication and computation overhead on data owners. In this paper, we propose OE-CP-ABE scheme to implement fine-grained access control with efficient policy updating in data sharing. By combining the large universe CP-ABE with techniques of over-encryption and multi-linear secret sharing, our method can avoid the transmission of ciphertext and reduce the computation cost of data owners. The analysis shows that the proposed scheme can not only protect the confidentiality of the outsourced data, but also implement policy updating easily and efficiently.