
Efficient revocation in ciphertext-policy attribute-based encryption based cryptographic cloud storage

Journal of Zhejiang University SCIENCE C

Abstract

It is secure for customers to store and share their sensitive data in cryptographic cloud storage. However, the revocation operation is a sure performance killer in a cryptographic access control system. To optimize the revocation procedure, we present a new revocation scheme that is efficient, secure, and unassisted. In this scheme, the original data are first divided into a number of slices and then published to the cloud storage. When a revocation occurs, the data owner needs only to retrieve one slice, re-encrypt it, and re-publish it. The revocation process is thus accelerated because it affects only one slice instead of the whole data. We have applied the efficient revocation scheme to ciphertext-policy attribute-based encryption (CP-ABE) based cryptographic cloud storage. The security analysis shows that our scheme is computationally secure. The theoretically evaluated and experimentally measured performance results show that the efficient revocation scheme can reduce the data owner’s workload if revocation occurs frequently.



Author information


Corresponding author

Correspondence to Yong Cheng.

Additional information

Project (Nos. 61070037, 61070201, and 61103016) supported by the National Natural Science Foundation of China

A preliminary version was presented at the 2nd International Conference on Cloud and Green Computing, Nov. 1–3, 2012, Xiangtan, China


About this article

Cite this article

Cheng, Y., Wang, Zy., Ma, J. et al. Efficient revocation in ciphertext-policy attribute-based encryption based cryptographic cloud storage. J. Zhejiang Univ. - Sci. C 14, 85–97 (2013). https://doi.org/10.1631/jzus.C1200240


  • DOI: https://doi.org/10.1631/jzus.C1200240
