Abstract
With the growing use of cloud storage facilities, outsourced data security becomes a major concern. However, assured deletion for outsourced data, as an important issue for users, but received less attention in academia and industry. Most of traditional deletion solutions require specific data organization forms or storage media, and are not applicable for outsourced data. Moreover, existing access control schemes for cloud which used ciphertext-policy attribute-based encryption (CPABE), focused on fine-grained access control, and completely ignored data deletion. In this paper, we aim to design an effective data deletion scheme that can be applied to any CPABE built on linear secret sharing-scheme. However, the challenge is how to maintain the traits of traditional CPABE while implementing a universal deletion method.
To address this challenge, we propose a policy graph to describe relationships among users, policies, attributes, and files and introduce a new deletion concept for CPABE: when all users are unauthorized for a file, we say that the file is deleted. Then, we extend an efficient and verifiable deletion scheme on a CPABE. Specifically, we give an effective method to select key attributes and update the relevant parts of ciphertext so that all users become unauthorized. Furthermore, we verify the cipher update performed by third-party server through merkle trees. We also demonstrate its universality and prove the security under q-BDHE assumption. Finally, the performance evaluation and simulation results reveal that our solution achieves better performance compared with other schemes.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Boneh, D., Lipton, R.J.: A revocable backup system. In: Proceedings of the 6th USENIX Security Symposium, San Jose, CA, USA, July 22–25 1996 (1996)
Cachin, C., Haralambiev, K., Hsiao, H., Sorniotti, A.: Policy-based secure deletion. In: 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, Berlin, Germany, 4–8 November 2013, pp. 259–270 (2013)
Caro, A.D., Iovino, V.: JPBC: Java pairing based cryptography. In: Proceedings of the 16th IEEE Symposium on Computers and Communications, ISCC 2011, Kerkyra, Corfu, Greece, 28 June 28–1 July 2011, pp. 850–855 (2011)
Chen, Y., Sun, W., Zhang, N., Zheng, Q., Lou, W., Hou, Y.T.: A secure remote monitoring framework supporting efficient fine-grained access control and data processing in IoT. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds.) SecureComm 2018. LNICST, vol. 254, pp. 3–21. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01701-9_1
Hong, J., Xue, K., Li, W.: Comments on “DAC-MACS: effective data access control for multiauthority cloud storage systems”/security analysis of attribute revocation in multiauthority data access control for cloud storage systems. IEEE Trans. Inf. Forensics Secur. 10(6), 1315–1317 (2015)
Joukov, N., Papaxenopoulos, H., Zadok, E.: Secure deletion myths, issues, and solutions. In: Proceedings of the 2006 ACM Workshop on Storage Security and Survivability, StorageSS 2006, Alexandria, VA, USA, 30 October 2006, pp. 61–66 (2006)
Liu, W.: Cloudcrypto. https://github.com/liuweiran900217/CloudCrypto
Liu, Z., Duan, S., Zhou, P., Wang, B.: Traceable-then-revocable ciphertext-policy attribute-based encryption scheme. Future Gener. Comput. Syst. 93, 903–913 (2019)
Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_32
Mitra, S., Winslett, M.: Secure deletion from inverted indexes on compliance storage. In: Proceedings of the Second ACM Workshop on Storage Security and Survivability, pp. 67–72. ACM (2006)
Ning, J., Cao, Z., Dong, X., Liang, K., Ma, H., Wei, L.: Auditable \(\sigma \)-time outsourced attribute-based encryption for access control in cloud computing. IEEE Trans. Inf. Forensics Secur. 13(1), 94–105 (2018)
Perlman, R.J.: File system design with assured delete. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2007, San Diego, California, USA, 28th February–2nd March 2007 (2007)
Tang, Y., Lee, P.P.C., Lui, J.C.S., Perlman, R.J.: Secure overlay cloud storage with access control and assured deletion. IEEE Trans. Dependable Sec. Comput. 9(6), 903–916 (2012)
Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19379-8_4
Yang, K., Jia, X.: Expressive, efficient, and revocable data access control for multi-authority cloud storage. IEEE Trans. Parallel Distrib. Syst. 25(7), 1735–1744 (2014)
Yang, K., Jia, X., Ren, K.: Attribute-based fine-grained access control with efficient revocation in cloud storage systems. In: 8th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2013, Hangzhou, China, 08–10 May 2013, pp. 523–528 (2013)
Yang, K., Jia, X., Ren, K., Zhang, B.: DAC-MACS: effective data access control for multi-authority cloud storage systems. In: Proceedings of the IEEE INFOCOM 2013, Turin, Italy, 14–19 April 2013, pp. 2895–2903 (2013)
Yang, K., Jia, X., Ren, K., Zhang, B., Xie, R.: DAC-MACS: effective data access control for multiauthority cloud storage systems. IEEE Trans. Inf. Forensics Secur. 8(11), 1790–1801 (2013)
Yu, Y., Xue, L., Li, Y., Du, X., Guizani, M., Yang, B.: Assured data deletion with fine-grained access control for fog-based industrial applications. IEEE Trans. Ind. Inform. 14(10), 4538–4547 (2018)
Acknowledgement
This work was supported by the National Natural Science Foundation of China (61671360, 61672415,61672413), the National Key Research and Development Project of China (2016YFB0801805), the Key Program of NSFC-Tongyong Union Foundation under Grant (U1636209), and the Key Program of NSFC Grant (U1405255).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Cheng, Y., Yang, L., Yu, S., Ma, J. (2019). Achieving Efficient and Verifiable Assured Deletion for Outsourced Data Based on Access Right Revocation. In: Mu, Y., Deng, R., Huang, X. (eds) Cryptology and Network Security. CANS 2019. Lecture Notes in Computer Science(), vol 11829. Springer, Cham. https://doi.org/10.1007/978-3-030-31578-8_22
Download citation
DOI: https://doi.org/10.1007/978-3-030-31578-8_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-31577-1
Online ISBN: 978-3-030-31578-8
eBook Packages: Computer ScienceComputer Science (R0)