Ciphertext Policy Attribute Based Encryption (CPABE) offers fine-grained access control in Cloud Computing environment. It is considered as the most promising one-to-many encryption mechanism. However, a Cloud user can delegate decryption privileges to unauthorized users for profits. The key abuse issue is not the only limit with this model for the reason that when the malicious user has been caught, it cannot be revoked. To address these problems, we propose a Traceable, Revocable, Accountable and Key-escrow free CPABE scheme (TRAK-CPABE). This solution supports white-box traceability and direct revocation. The main idea of this work is to divide the original data after publishing in cloud server. In the case of user revocation, one single slice is affected. Data owner needs to retrieve, re-encrypt and re-publish it. In addition, shared keys will be traced and conflict scenario will be resolved. More, the traceability of TRAK-CPABE depends on the l-Strong Diffie–Hellman (l-SDH) and Indistinguishability under chosen-plaintext attack (IND-CPA. The security of the proposed scheme is proved formally by using the Scyther tool. Furthermore, the experimental results show the efficiency of the proposed solution.

基于密文策略属性的加密 (CPABE) 在云计算环境中提供细粒度的访问控制。它被认为是最有前途的一对多加密机制。但是，云用户可以将解密权限委托给未经授权的用户以获取利润。关键滥用问题不是该模型的唯一限制，因为当恶意用户被抓住时，它无法撤销。为了解决这些问题，我们提出了一种可追溯、可撤销、可问责和无密钥托管的 CPABE 方案（TRAK-CPABE）。该解决方案支持白盒追溯和直接撤销。这项工作的主要思想是将原始数据发布到云服务器后进行划分。在用户撤销的情况下，影响单个切片。数据所有者需要对其进行检索、重新加密和重新发布。此外，将跟踪共享密钥并解决冲突情况。此外，TRAK-CPABE 的可追溯性取决于 l-Strong Diffie-Hellman (l-SDH) 和选择明文攻击下的不可区分性 (IND-CPA。使用 Scyther 工具正式证明了该方案的安全性。此外，实验结果表明了所提出的解决方案的效率。