RLT-CPABE: Revocable Location and Time Aware Ciphertext Policy Attribute-Based Encryption

Ciphertext policy attribute-based encryption provides fine-grained access control on the data stored in data centres in a dynamic and ubiquitous cloud environment. It enables data owners to create access policies by designating attribute constraints and embedding security policies in the ciphertext that allows the data owners to have access control on data. However, one of the major limitations of existing Ciphertext Policy Attribute Based Encryption (CP-ABE) is that accessibility to data is dependent on static user attributes. There are various applications which require access implementation based on the user's contextual information such as time and location. In this paper, we propose a Revocable Location and Time Aware Ciphertext Policy Attribute-Based Encryption (RLT-CPABE) which enhances data security by integrating location and time into the encryption and decryption process. Our scheme employs a single range derivation function to implement time range comparison and re-encryption technique to embed the current time in the ciphertext. Geo-hashes of the locations are used as attributes to support location constraints. RLT-CPABE implements time and location-driven encryption and decryption while satisfying user revocation. In addition, we have introduced fog computing services for efficient implementation, where partial decryption operations, revocation and computing towards time and location verification are outsourced to fog nodes. This reduces the computational load on resource-constrained user devices. The security and performance analysis shows the efficacy of our cryptosystem for practical applications.