ABSTRACT
This chapter focuses on how to extend Identity-Based Revocable CP-ABE (IR-CP-ABE) by considering the scalability of ABE revocation management solutions such as ABE key federation, interoperability, and delegation. The presented scheme is called EIR-CP-ABE. In particular, EIR-CP-ABE does not need a centralized access control infrastructure: authorization is done by incorporating security access control policies into the ciphertext. In this way, protected data can be stored even on untrusted storage providers’ servers and transmitted over untrusted networks, which significantly improves the flexibility and usability of the ABAC model. Moreover, the access control policy is defined by the data owners, and so conforms to the data ownership policy. When it comes to implementation, existing ABE-based ABAC solutions face challenges in realizing important access control management features such as delegation, federation, interoperability, and revocation, which prevent them from being widely deployed. In this chapter, we present a design of the EIR-CP-ABE solution that incorporates the users’ private key generation procedure, which allows the ABAC solution to address all of these access control management features and makes EIR-CP-ABE approaches practical. The performance evaluation demonstrates that the solution is secure and efficient for establishing a large-scale attribute-based access control framework.