
Generic user revocation systems for attribute-based encryption in cloud storage

  • Genlang Chen
  • Zhiqian Xu
  • Hai Jiang
  • Kuan-ching Li

Abstract

Cloud-based storage is a service model for businesses and individual users that involves paid or free storage resources. This service model enables on-demand storage capacity and management to users anywhere via the Internet. Because most cloud storage is provided by third-party service providers, the trust required for the cloud storage providers and the shared multi-tenant environment present special challenges for data protection and access control. Attribute-based encryption (ABE) not only protects data secrecy, but also has ciphertexts or decryption keys associated with fine-grained access policies that are automatically enforced during the decryption process. This enforcement puts data access under control at each data item level. However, ABE schemes have practical limitations on dynamic user revocation. In this paper, we propose two generic user revocation systems for ABE with user privacy protection, user revocation via ciphertext re-encryption (UR-CRE) and user revocation via cloud storage providers (UR-CSP), which work with any type of ABE scheme to dynamically revoke users.

Key words

Attribute-based encryption; Generic user revocation; User privacy; Cloud storage; Access control

CLC number

TP309.2 

Copyright information

© Editorial Office of Journal of Zhejiang University Science and Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  • Genlang Chen (1, email author)
  • Zhiqian Xu (2)
  • Hai Jiang (3)
  • Kuan-ching Li (4)

  1. Institute of Ningbo Technology, Zhejiang University, Ningbo, China
  2. New York, USA
  3. Department of Computer Science, Arkansas State University, Jonesboro, USA
  4. Department of Computer Science and Information Engineering, Providence University, Taiwan, China
