On the security of a cloud-based revocable IBPRE scheme for data sharing

Abstract

In ESORICS2014, Liang et al. proposed an efficient cloud-based revocable identity-based proxy re-encryption scheme for public clouds data sharing, aimed at both supporting user revocation and delegation of decryption rights. The main strategy is to let the cloud periodic re-encrypt ciphertexts under the current time period to the next time period. If the user is revoked in the forth coming time period, he cannot decrypt the ciphertexts by using the expired private key anymore. Compared with traditional revocation technique by using PKG, this method has the advantage of computation and communication efficiency. However, in this paper we show an attack which allow the revoked user can decrypt the ciphertexts under the future time period, if the revoked users colludes with the proxy. Although cloud-based revocable identity based proxy re-encryption is a great idea for public cloud storage sharing, it needs further research before this scheme can be practically adapted.