An Efficient User's Attribute Revocation Scheme Suitable for Data Outsourcing in Cloud Storage

Fang Zheng, Xinguang Peng, Zhidan Li
2022 Wireless Communications and Mobile Computing  
With advances in cloud data centers and cloud services, many application scenarios have been developed, such as enterprise business, Vehicular Ad Hoc Networks (VANET), and sensor networks. Confidentiality and efficiency are two key problems. CP-ABE is a fine-grained access control cryptographic technology that is widely applied to outsourced data in cloud storage to protect the user's privacy. Besides confidentiality, computational cost is an important factor that makes the application of CP-ABE possible in these situations. In this paper, we propose a novel and fast scheme based on the CP-ABE algorithm, approached from the aspect of the user's attribute revocation, to make it faster. In this scheme, we construct an identical tree T2 that has the same structure as the actual access control tree T1. When the user requests the encrypted text stored on the CSP, the CSP first tries to decrypt CT2, which is encrypted under the access policy based on the identical tree T2 and is also stored on the CSP, using the subset of the secret keys corresponding to the indexes of the attributes provided by the user. If the CSP can successfully decrypt it, this proves that the user is authorized to access the ciphertext CT1, and the CSP sends CT1 to the user. Otherwise, the CSP concludes that the user has no access to CT1 and refuses to send CT1 to the user. That is, whether to grant access to CT1 is decided by whether the secret key provided by the user can decrypt CT2. Because CT1 and CT2 have the same access control structure, they have the same secret key for decryption; that is, when some attributes are revoked, if the secret key cannot decrypt CT2, it cannot decrypt CT1. While the CSP can directly decrypt CT2 but not CT1, it can judge by decrypting CT2 whether the user has access to CT1 after the attribute revocation. Moreover, we propose the construction method of CT1 and CT2. Finally, we prove that the scheme is secure and viable.
doi:10.1155/2022/5175754 doaj:4a824a40581a4b33b972b40d883db72d fatcat:2aq3jt7smfdrvbdzxeradzhgzm