Revocable attribute-based access control in mutli-autority systems

Multi-authority attribute-based encryption is an encryption method which provides a distributed, flexible and fine-grained access control in untrustworthy environments. However, this method suffers from some shortcoming as revocation which is one of its major challenges. The revocation consists of banishing users from the system or some of their attributes to prevent them from getting access to the data. In literature, the most known solutions, as time-based solutions and proxy solutions, suggest to attribute an expiration time to users' keys or to naively rely on a semi-trusted proxy to revoke users. In the time-based solutions, the revocation is not immediate and the revoked users might continue to access the data until the next key regeneration phase, while proxy-based solutions do not achieve fine-grained access and the users cannot get access if the proxy goes offline. In this paper, we propose a novel and efficient revocation solution for decentralized attribute-based scheme. Our solution ensures flexible and fine-grained access control and prevents security degradations. Moreover, it performs immediate users or attributes revocation without any key regeneration or any changes on the users' side, as well as it provides collusion resistance and supports scalability. Finally, we show through experimentation that our solution outperforms existing ones.