Chao Luo,Jiaoli Shi,Minchen Xie,Chao Hu,Lihua Wang,Zhuolin Mei,Shimao Yao,Hui Li

DOI: https://doi.org/10.1007/978-981-97-0942-7_22

2024-01-01

Abstract:Traditional CP-ABE (Ciphertext-Policy Attribute-Based Encryption) schemes require the access policy to be uploaded to the cloud along with the ciphertext, but access policies often also involve some private information, which can lead to privacy leakage. Moreover, the decryption cost of the traditional CP-ABE scheme is too high, which is not suitable for source-limited end devices, such as medical monitoring terminals. To achieve policy hiding, decryption lightening, and high expressiveness of access policy all at the same time, we present a new CP-ABE scheme, in which a PBF (Path Bloom Filter) is designed based on ROBDD (Reduced Ordered Binary Decision Diagram). The ROBDD, as the access structure, can provide more vital and more flexible expressiveness. Then the PBF can hide the access policy, reduce the decryption cost, and accelerate the decryption speed. Analysis and simulation study show that our proposed scheme is secure under Decisional q-BDHE assumption and superior to previous schemes concerning computational cost.

Kaiping Xue,Na Gai,Jianan Hong,David S. L. Wei,Peilin Hong,Nenghai Yu

DOI: https://doi.org/10.1109/tdsc.2020.2987903

2022-01-01

Abstract:Under the assumption of honest-but-curious cloud service provider, various cryptographic techniques have been used to address the issues of data access control and confidentiality in public cloud storage. Among which, attribute-based encryption (ABE) has been shown to be an attractive scheme. Although the technique of ABE brings in various benefits, its onerous overhead should not be ignored. In this article, based on an improved LSSS (linear secret sharing scheme) matrix expression integrated in CP-ABE (Ciphertext-Policy Attribute-Based Encryption) algorithm, we present an efficient and secure attribute-based access control scheme for the scenarios where multiple data are shared and encrypted with frequently used sub-policies. In the scheme, a user can store the parameters about a specific sub-policy in his/her first decryption, which can be reused in the subsequent data decryptions whose embedded access policies include the same sub-policy so as to significantly reduce the computation cost. Our proposed scheme is proved to be semantically secure under chosen plaintext attacks and can well preserve the confidentiality of the data sharing system. Our analysis and experimentation also show that our scheme does significantly reduce the decryption time and while trades in only very little storage overhead, and thus effectively promotes the efficiency.

Hui Tian,Xiang Li,Hanyu Quan,Chin-Chen Chang,Thar Baker

DOI: https://doi.org/10.1109/jsen.2020.3030688

IF: 4.3

2021-07-15

IEEE Sensors Journal

Abstract:The Intelligent Transportation System (ITS) provides more possibilities for the realization of smart cities by integrating the Internet of Things (IoT) and cloud computing. However, how to ensure security of IoT data stored in the cloud has become one of the biggest challenges at present. As a promising solution for realizing fine-grained access control, Ciphertext-Policy Attribute-Based Encryption (CP-ABE) can be used to ensure data security. However, the traditional CP-ABE schemes may leak privacy of ITS users. Moreover, due to their high computational overheads, the current privacy-preserving techniques are not suitable for IoT lightweight devices. To fill this gap, this article presents ABE-FPP, a lightweight attribute-based access control scheme with full privacy protection (FPP), which can achieve full privacy protection in the three key stages (i.e., key generation, access control, and partial decryption), while reducing consumption overhead on the user side. Specifically, to protect privacy during key generation, a lightweight two-party secure computing protocol between the user and the authority is designed to generate secret keys; to protect privacy during the access control policy setting, we present an efficient policy hidden strategy, which only reveals attribute names and efficiently hides attribute values; to protect privacy during partial decryption, we propose a hybrid authentication method that does not need to submit attribute values to the cloud. Moreover, to achieve lightweight computation for IoT devices, online/offline encryption and outsourced decryption are employed in ABE-FPP. Finally, formal security proofs show that our scheme is secure in the standard model. The asymptotic complexity analyses and experimental results demonstrate that the presented scheme achieves higher computation efficiency than the state-of-the-art ones.

engineering, electrical & electronic,instruments & instrumentation,physics, applied

Zhaoqian Zhang,Jianbiao Zhang,Yilin Yuan,Zheng Li

DOI: https://doi.org/10.1109/jiot.2021.3117378

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:As the public cloud becomes one of the leading ways in data-sharing nowadays, data confidentiality and user privacy are increasingly critical. Partially policy-hidden ciphertext policy attribute-based encryption (CP-ABE) can effectively protect data confidentiality while reducing privacy leakage by hiding part of the access structure. However, it cannot satisfy the need of data sharing in the public cloud with complex users and large amounts of data, both in terms of less expressive access structures and limited granularity of policy hiding. Moreover, the verification of access right to shared data and correctness of decryption are ignored or conducted by an untrusted third party, and the prime-order groups are seldom considered in the expressive policy-hidden schemes. This article proposes a fully policy-hidden CP-ABE scheme constructed on linear secret sharing scheme (LSSS) access structure and prime-order groups for public cloud data sharing. To help users decrypt, hidden vector encryption (HVE) with a "convert step" is applied, which is more compatible with CP-ABE. Meanwhile, decentralized credible verification of access right to shared data and correctness of decryption based on blockchain are also provided. We prove the security of our scheme rigorously and compare the scheme with others comprehensively. The results show that our scheme performs better.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jialu Hao,Cheng Huang,Jianbing Ni,Hong Rong,Ming Xian,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1016/j.comnet.2019.02.008

IF: 5.493

2019-01-01

Computer Networks

Abstract:Ciphertext-policy attribute-based encryption (CP-ABE) is a promising approach to achieve fine-grained access control over the outsourced data in Internet of Things (IoT). However, in the existing CP-ABE schemes, the access policy is either appended to the ciphertext explicitly or only partially hidden against public visibility, which results in privacy leakage of the underlying ciphertext and potential recipients. In this paper, we propose a fine-grained data access control scheme supporting expressive access policy with fully attribute hidden for cloud-based IoT. Specifically, the attribute information is fully hidden in access policy by using randomizable technique, and a fuzzy attribute positioning mechanism based on garbled Bloom filter is developed to help the authorized recipients locate their attributes efficiently and decrypt the ciphertext successfully. Security analysis and performance evaluation demonstrate that the proposed scheme achieves effective policy privacy preservation with low storage and computation overhead. As a result, no valuable attribute information in the access policy will be disclosed to the unauthorized recipients.

Ningyu Chen,Jiguo Li,Yichen Zhang,Yuyan Guo

DOI: https://doi.org/10.1109/tc.2020.3043950

IF: 3.183

2022-01-01

IEEE Transactions on Computers

Abstract:Attribute-based encryption (ABE) is a preferred technology used to access control the data stored in the cloud servers. However, in many cases, the authorized decryption user may be unable to decrypt the ciphertext in time for some reason. To be on the safe side, several alternate users are delegated to cooperate to decrypt the ciphertext, instead of one user doing that. We provide a ciphertext-policy ABE scheme with shared decryption in this article. An authorized user can recover the messages independently. At the same time, these alternate users (semi-authorized users) can work together to get the messages. We also improve the basic scheme to ensure that the semi-authorized users perform the decryption tasks honestly. An integrated access tree is used to improve the efficiency for our scheme. The new scheme is proved CPA-secure in the standard model. The experimental result shows that our scheme is very efficient on both computational overhead and storage cost.

engineering, electrical & electronic,computer science, hardware & architecture

Li Yang,Cheng Li,Yuting Cheng,Shui Yu,Jianfeng Ma

DOI: https://doi.org/10.1016/j.ins.2021.09.034

IF: 8.1

2022-01-01

Information Sciences

Abstract:Increasingly more user data are transferred to the cloud for storage and analysis. Due to the dishonesty of the cloud, user data are at risk of leakage. CP-ABE is considered one of the most promising technologies for protecting outsourced data. However, in most existing schemes, the attacker may learn user privacy information from the policy plaintext. Furthermore, schemes supporting policy hiding either only achieve partial policy hiding or cannot hide policies in large universes. In this paper, we use hide both the values and names of attributes in policies by using private set intersections (PSIs). CP-ABE supports a complete hiding strategy. At the same time, it can calculate the authorization relationship and mapping between the user's password and key. We use polynomial-based PSI and a recursive algorithm to calculate the former. With the help of this algorithm and tag vectors, the mapping is determined in the case of communication restrictions. By outsourcing exponents, we achieve an efficient hiding policy and effectively reduces users' computing overhead. We also prove its security. Finally, the performance evaluation and simulation results reveal that our model achieves better performance compared with other schemes while preserving sensitive attributes.

computer science, information systems

Mostafa Chegenizadeh,Mohammad Ali,Javad Mohajeri,Mohammad Reza Aref

DOI: https://doi.org/10.48550/arXiv.2107.10133

2021-07-21

Abstract:Attribute-based encryption (ABE) is a promising cryptographic mechanism for providing confidentiality and fine-grained access control in the cloud-based area. However, due to high computational overhead, common ABE schemes are not suitable for resource-constrained devices. Moreover, data owners should be able to update their defined access policies efficiently, and in some cases, applying hidden access policies is required to preserve the privacy of clients and data. In this paper, we propose a ciphertext-policy attribute-based access control scheme which for the first time provides online/offline encryption, hidden access policy, and access policy update simultaneously. In our scheme, resource-constrained devices are equipped with online/offline encryption reducing the encryption overhead significantly. Furthermore, attributes of access policies are hidden such that the attribute sets satisfying an access policy cannot be guessed by other parties. Moreover, data owners can update their defined access policies while outsourcing a major part of the updating process to the cloud service provider. In particular, we introduce blind access policies that enable the cloud service provider to update the data owners' access policies without receiving a new re-encryption key. Besides, our scheme supports fast decryption such that the decryption algorithm consists of a constant number of bilinear pairing operations. The proposed scheme is proven to be secure in the random oracle model and under the hardness of Decisional Bilinear Diffie-Hellman (DBDH) and Decision Linear (D-Linear) assumptions. Also, performance analysis results demonstrate that the proposed scheme is efficient and practical.

Cryptography and Security

Shida Shamsazad

2024-01-25

Abstract:In this paper, we present a novel ciphertext-policy attribute based encryption (CP-ABE) scheme that offers a flexible access structure. Our proposed scheme incorporates an access tree as its access control policy, enabling fine-grained access control over encrypted data. The security of our scheme is provable under the hardness assumption of the decisional Ring-Learning with Errors (R-LWE) problem, ensuring robust protection against unauthorized access. CP-ABE is a cryptographic technique that allows data owners to encrypt their data with access policies defined in terms of attributes. Only users possessing the required attributes can decrypt and access the encrypted data. Our scheme extends the capabilities of CP-ABE by introducing a flexible access structure based on an access tree. This structure enables more complex and customizable access policies, accommodating a wider range of real-world scenarios. To ensure the security of our scheme, we rely on the decisional R-LWE problem, a well-established hardness assumption in cryptography. By proving the security of our scheme under this assumption, we provide a strong guarantee of protection against potential attacks. Furthermore, our proposed scheme operates in the standard model, which means it does not rely on any additional assumptions or idealized cryptographic primitives. This enhances the practicality and applicability of our scheme, making it suitable for real-world deployment. We evaluate the performance and efficiency of our scheme through extensive simulations and comparisons with existing CP-ABE schemes. The results demonstrate the effectiveness and scalability of our proposed approach, highlighting its potential for secure and flexible data access control in various domains.

Cryptography and Security

Rui Luo,Yuanzhi Yao,Weihai Li,Nenghai Yu

DOI: https://doi.org/10.1007/978-3-031-06761-7_43

2022-01-01

Abstract:Cloud storage service has significant advantages on both cost reduction and convenient data sharing. It frees data owners from technical management. However, it poses new challenges on privacy and security protection. To protect data confidentiality and privacy of users against malicious entities in the cloud, fine-grained data access control in cloud storage has become a challenging issue and draws considerable investigation. Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic technique to address the above issue. In many scenarios, access policies are associated with privacy and sensitive information of users which needs to be preserved from disclosure. However, existing schemes cannot simultaneously support time-sensitive data publishing and attribute information preservation. In this paper, we propose a privacy-preserving time and attribute factors combined cloud data access control with computation outsourcing scheme (named PTAC). To preserve attribute privacy, we design a dual access policy tree mechanism where one access policy tree is public and another is sensitive and hidden. Moreover, time-sensitive data publishing can be achieved by combining CP-ABE with timed-release encryption. By using edge computing and cloud computing, we also outsource partitive computational cost of encryption and decryption to third parties. Extensive security and performance analysis demonstrate the security and efficiency of our proposed scheme in cloud storage. As a result, valuable attribute information in the access policy can be preserved in case of disclosing to unauthorized recipients.

Yang Zhao,Xin Xie,Xing Zhang,Yi Ding

DOI: https://doi.org/10.3934/mbe.2019211

2019-01-01

Mathematical Biosciences and Engineering

Abstract:The ciphertext policy attribute-based encryption (CP-ABE) is widely used in cloud storage. It not only provides a secure data sharing scheme but also has the characteristics of fine-grained access control. However, most CP-ABE schemes have problems such as the ciphertext length increases with the complexity of the access policy, the encryption scheme is complex, the computational efficiency is low, and the fine-grained revocation cannot be performed. In view of the above problems, this paper proposes an efficient CP-ABE scheme with fine-grained revocable storage and constant ciphertext length. The scheme combines proxy re-encryption with CP-ABE technology, adopts the flexible access strategy AND-gates on multi-valued attributes with wildcards (AND(m)*), and realizes revocable storage and fixed-length ciphertext. At the same time, in order to reduce the amount of user decryption calculation, the complex operation in the decryption process is outsourced to the third-party server and the decryption result is verified to ensure the correctness of the information. Finally, the security of the scheme is proved under the decisional bilinear Diffie-Hellman (DBDH) assumption. In addition, the performance analysis shows that the scheme is efficient and feasible in cloud storage.

Jiguo Li,Yichen Zhang,Jianting Ning,Xinyi Huang,Geong Sen Poh,Debang Wang

DOI: https://doi.org/10.1109/tcc.2020.2975184

IF: 5.697

2020-01-01

IEEE Transactions on Cloud Computing

Abstract:The pervasive, ubiquitous, and heterogeneous properties of IoT make securing IoT systems a very challenging task. More so when access and storage are performed through a cloud-based IoT system. IoT data stored on cloud should be encrypted to ensure data privacy. It is also crucial to allow only authorized entities to access and decrypt the encrypted data. In this article, we propose a ciphertext-policy attribute-based encryption (CP-ABE) scheme that enables fine-grained access control of encrypted IoT data on cloud. CP-ABE is regarded as a highly promising approach to provide flexible and fine-grained access control, which is quite suited to secure cloud based IoT systems. We first present an access control system model of CloudIoT platform based on ABE. Based on the presented system model, we construct a ciphertext-policy hiding CP-ABE scheme, which guarantees the privacy of the users. We further construct a white-box traceable CP-ABE scheme with accountability in order to address the user key abuse and authorization center key abuse. Experiment illustrates the proposed systems are efficient.

computer science, information systems, theory & methods

DOI: https://doi.org/10.1186/s13677-023-00414-w

2023-03-13

Journal of Cloud Computing

Abstract:Cloud file sharing (CFS) has become one of the important tools for enterprises to reduce technology operating costs and improve their competitiveness. Due to the untrustworthy cloud service provider, access control and security issues for sensitive data have been key problems to be addressed. Current solutions to these issues are largely related to the traditional public key cryptography, access control encryption or attribute-based encryption based on the bilinear mapping. The rapid technological advances in quantum algorithms and quantum computers make us consider the transition from the tradtional cryptographic primitives to the post-quantum counterparts. In response to these problems, we propose a lattice-based Ciphertext-Policy Attribute-Based Encryption(CP-ABE) scheme, which is designed based on the ring learing with error problem, so it is more efficient than that designed based on the learing with error problem. In our scheme, the indirect revocation and binary tree-based data structure are introduced to achieve efficient user revocation and dynamic management of user groups. At the same time, in order to further improve the efficiency of the scheme and realize file sharing across enterprises, the scheme also allows multiple authorities to jointly set up system parameters and manage distribute keys. Furthermore, by re-randomizing the user's private key and update key, we achieve decryption key exposure resistance(DKER) in the scheme. We provide a formal security model and a series of security experiments, which show that our scheme is secure under chosen-plaintext attacks. Experimental simulations and evaluation analyses demonstrate the high efficiency and practicality of our scheme.

Yu Zhang,Jing Chen,Ruiying Du,Lan Deng,Yang Xiang,Qing Zhou

DOI: https://doi.org/10.1109/TrustCom.2014.42

2014-01-01

Abstract:In the past few years, cloud computing has emerged as one of the most influential paradigms in the IT industry. As promising as it is, this paradigm brings forth many new challenges for data security because users have to outsource sensitive data on untrusted cloud servers for sharing. In this paper, to guarantee the confidentiality and security of data sharing in cloud environment, we propose a Flexible and Efficient Access Control Scheme (FEACS) based on Attribute-Based Encryption, which is suitable for fine-grained access control. Compared with existing state-of-the-art schemes, FEACS is more practical by following functions. First of all, considering the factor that the user membership may change frequently in cloud environment, FEACS has the capability of coping with dynamic membership efficiently. Secondly, full logic expression is supported to make the access policy described accurately and efficiently. Besides, we prove in the standard model that FEACS is secure based on the Decisional Bilinear Diffie-Hellman assumption. To evaluate the practicality of FEACS, we provide a detailed theoretical performance analysis and a simulation comparison with existing schemes. Both the theoretical analysis and the experimental results prove that our scheme is efficient and effective for cloud environment.

Meiyan Xiao,Hongbo Li,Qiong Huang,Shui Yu,Willy Susilo

DOI: https://doi.org/10.1109/tifs.2022.3173412

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Attribute-based encryption scheme is a promising mechanism to realize one-to-many fine-grained access control which strengthens the security in cloud computing. However, massive amounts of data and various data sharing requirements bring great challenges to the complex but isolated and fixed access structures in most of the existing attribute-based encryption schemes. In this paper, we propose an attribute-based hierarchical encryption scheme with extendable policy, called Extendable Hierarchical Ciphertext-Policy Attribute-Based Encryption (EH-CP-ABE), to improve the data sharing efficiency and security simultaneously. The scheme realizes the function of hierarchical encryption, in which, data with hierarchical access control relationships could be encrypted together flexibly to improve the efficiency. The scheme also achieves external and internal extension of the access structure to further encrypt newly added hierarchical data without updating the original ciphertexts or with only a minor update depending on the data sharing requirements, which simplifies the encryption process and greatly reduces the computation overhead. We formally prove the security of the scheme is IND-CCA secure in the random oracle model based on bilinear Diffie-Hellman assumption, and we also implement our scheme to demonstrate its efficiency and practicality.

Haobin Ma,Dehua Zhou,Peng Li,Xiaoming Wang

DOI: https://doi.org/10.3390/s23094384

IF: 3.9

2023-04-28

Sensors

Abstract:As medical data become increasingly important in healthcare, it is crucial to have proper access control mechanisms, ensuring that sensitive data are only accessible to authorized users while maintaining privacy and security. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is an attractive access control solution that can offer effective, fine-grained and secure medical data sharing, but it has two major drawbacks: Firstly, decryption is computationally expensive for resource-limited data users, especially when the access policy has many attributes, limiting its use in large-scale data-sharing scenarios. Secondly, existing schemes are based on data users’ attributes, which can potentially reveal sensitive information about the users, especially in healthcare data sharing, where strong privacy and security are essential. To address these issues, we designed an improved CP-ABE scheme that provides efficient and verifiable outsourced access control with fully hidden policy named EVOAC-HP. In this paper, we utilize the attribute bloom filter to achieve policy hiding without revealing user privacy. For the purpose of alleviating the decryption burden for data users, we also adopt the technique of outsourced decryption to outsource the heavy computation overhead to the cloud service provider (CSP) with strong computing and storage capabilities, while the transformed ciphertext results can be verified by the data user. Finally, with rigorous security and reliable performance analysis, we demonstrate that EVOAC-HP is both practical and effective with robust privacy protection.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Kaiping Xue,Yingjie Xue,Jianan Hong,Wei Li,Hao Yue,David S. L. Wei,Peilin Hong

DOI: https://doi.org/10.1109/tifs.2016.2647222

IF: 7.231

2017-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Data access control is a challenging issue in public cloud storage systems. Ciphertext-policy attribute-based encryption (CP-ABE) has been adopted as a promising technique to provide flexible, fine-grained, and secure data access control for cloud storage with honest-but-curious cloud servers. However, in the existing CP-ABE schemes, the single attribute authority must execute the time-consuming user legitimacy verification and secret key distribution, and hence, it results in a single-point performance bottleneck when a CP-ABE scheme is adopted in a large-scale cloud storage system. Users may be stuck in the waiting queue for a long period to obtain their secret keys, thereby resulting in low efficiency of the system. Although multiauthority access control schemes have been proposed, these schemes still cannot overcome the drawbacks of single-point bottleneck and low efficiency, due to the fact that each of the authorities still independently manages a disjoint attribute set. In this paper, we propose a novel heterogeneous framework to remove the problem of single-point performance bottleneck and provide a more efficient access control scheme with an auditing mechanism. Our framework employs multiple attribute authorities to share the load of user legitimacy verification. Meanwhile, in our scheme, a central authority is introduced to generate secret keys for legitimacy verified users. Unlike other multi-authority access control schemes, each of the authorities in our scheme manages the whole attribute set individually. To enhance security, we also propose an auditing mechanism to detect which attribute authority has incorrectly or maliciously performed the legitimacy verification procedure. Analysis shows that our system not only guarantees the security requirements but also makes great performance improvement on key generation.

Ying He,Haiyan Wang,Yuan Li,Ke Huang,Victor C. M. Leung,F. Richard Yu,Zhong Ming

DOI: https://doi.org/10.1109/jiot.2021.3099171

IF: 10.6

2022-02-15

IEEE Internet of Things Journal

Abstract:In the last few decades, ciphertext-policy attribute-based encryption (CP-ABE) technology has attracted great interest, since it can provide fine-grained, flexible, and access control for sensitive data to implement a high secure and efficient data-sharing mechanism. In this article, based on the linear secret sharing scheme (LSSS), an efficient scheme is proposed to realize a collaborative decryption function. For any user group, when the user's attribute set cannot access the ciphertext alone, the private key of other users in the same group can be used for collaborative decryption with the permission of the data owner. Our scheme uses the LSSS matrix that can significantly reduce the computation and storage overhead when comparing with the existing schemes. Then, a multiauthorization model is created based on the Bohen–Lynn–Shacham technology in order to solve the key-management issue. Finally, we implemented the specific functions of the framework through JAVA, and built a private chain to verify the feasibility of data transfer between users.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kai Fan,Tingting Liu,Kuan Zhang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.jpdc.2019.09.008

IF: 4.542

2020-01-01

Journal of Parallel and Distributed Computing

Abstract:<p>With the development of computer technology, it makes malicious users more easily get data stored in cloud. However, these data are always related to users' privacy, and it is harmful when the data are acquired by attackers. Ciphertext-policy attribute-based encryption (CP-ABE) is suitable to achieve privacy and security in cloud. In this paper, we put forward a secure and efficient outsourced computation algorithm on data sharing scheme for privacy computing. Existing schemes only outsource decryption computation to the cloud, users still have heavy burden in encryption. In order to reduce the computing burden of users, most encryption and decryption computations are outsourced to the cloud service provider in our construction. At the same time, to apply in practice, we propose efficient user and attribute revocation. Finally, the security analysis and simulation results show that our scheme is secure and efficient compared with existing schemes.</p>

computer science, theory & methods

Ting Guo,Abdugeni Abduxkur,Nurmamat Helil

DOI: https://doi.org/10.1049/2024/6963475

2024-06-20

IET Information Security

Abstract:Ciphertext‐policy attribute‐based encryption (CP‐ABE) is a cryptographic scheme suitable for secure data sharing on cloud storage. The CP‐ABE based on lattice theory has the property of resisting quantum attack. Some data objects uploaded to the cloud by the same data owner may cause conflicts of interest, or their combination may expose sensitive information. This paper proposes a revocable CP‐ABE scheme on the lattice, based on ring learning with error (R‐LWE) problem, to enforce access control constraints on user access to such data objects. In this scheme, first, the access policies of such data objects are amended by adding dummy attributes. Second, we control the secret key components associated with the dummy attributes or revoke the dummy attributes to prevent users from continuously accessing specific parts or all data objects from this kind of data set. Finally, we carry on the efficiency and security analysis of the scheme. The analysis results show that the scheme is efficient and safe.

computer science, information systems, theory & methods