Advertisement

Extended Proxy-Assisted Approach: Achieving Revocable Fine-Grained Encryption of Cloud Data

  • Yanjiang Yang
  • Joseph K. Liu
  • Kaitai Liang
  • Kim-Kwang Raymond Choo
  • Jianying Zhou
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9327)

Abstract

Attribute-based encryption has the potential to be deployed in a cloud computing environment to provide scalable and fine-grained data sharing. However, user revocation within ABE deployment remains a challenging issue to overcome, particularly when there is a large number of users. In this work, we introduce an extended proxy-assisted approach, which weakens the trust required of the cloud server. Based on an all-or-nothing principle, our approach is designed to discourage a cloud server from colluding with a third party to hinder the user revocation functionality. We demonstrate the utility of our approach by presenting a construction of the proposed approach, designed to provide efficient cloud data sharing and user revocation. A prototype was then implemented to demonstrate the practicality of our proposed construction.

Keywords

Leaf Node Cloud Server Cloud Storage Cloud Service Provider Data Owner 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgment

Joseph K. Liu is supported by National Natural Science Foundation of China (61472083). Kaitai Liang is supported by privacy-aware retrieval and modelling of genomic data (PRIGENDA, No. 13283250), the Academy of Finland.

References

  1. 1.
    Attrapadung, N., Imai, H.: Attribute-based encryption supporting direct/indirect revocation modes. In: Parker, M.G. (ed.) Cryptography and Coding 2009. LNCS, vol. 5921, pp. 278–300. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  2. 2.
    Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 127–144. Springer, Heidelberg (1998) CrossRefGoogle Scholar
  3. 3.
    Boneh, D., Ding, X., Tsudik, G., Wong, C.M.: A method for fast revocation of public key certificates and security capabilities. In: Proceedings of USENIX Security (2001)Google Scholar
  4. 4.
    Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: Proceedings of IEEE S&P, pp. 321–334 (2007)Google Scholar
  5. 5.
    Choo, K.K.R.: Legal issues in the cloud. IEEE Cloud Comput. 1(1), 94–96 (2014)CrossRefGoogle Scholar
  6. 6.
    Chow, S.S.M., Boyd, C., González Nieto, J.M.: Security-mediated certificateless cryptography. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 508–524. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  7. 7.
    Chen, Y., Jiang, L., Yiu, S., Au, M., Xuan, W.: Fully-RCCA-CCA-Secure ciphertext-policy attribute based encryption with security mediator. In: Proceedings of ICICS 2014 (2014)Google Scholar
  8. 8.
    Cloud Security Alliance: Security guidance for critical areas of focus in cloud computing (2009). http://www.cloudsecurityalliance.org
  9. 9.
    Chu, C.-K., Zhu, W.T., Han, J., Liu, J.K., Xu, J., Zhou, J.: Security concerns in popular cloud storage services. IEEE Pervasive Comput. 12(4), 50–57 (2013)CrossRefGoogle Scholar
  10. 10.
    European Network and Information Security Agency: Cloud computing risk assessment (2009). http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment
  11. 11.
    Gartner: Don’t trust cloud provider to protect your corporate assets, 28 May 2012. http://www.mis-asia.com/resource/cloud-computing/gartner-dont-trust-cloud-provider-to-protect-your-corporate-assets
  12. 12.
    Green, M., Hohenberger, S., Waters, B.: Outsourcing the decryption of ABE ciphertexts. In: Proceedings of USENIX Security (2011)Google Scholar
  13. 13.
    Goyal, V., Pandy, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of ACM CCS 2006, pp. 89–98 (2006)Google Scholar
  14. 14.
    Hohenberger, S., Waters, B.: Online/offline attribute-based encryption. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 293–310. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  15. 15.
    Jiang, T., Chen, X., Li, J., Wong, D.S., Ma, J., Liu, J.: TIMER: secure and reliable cloud storage against data re-outsourcing. In: Huang, X., Zhou, J. (eds.) ISPEC 2014. LNCS, vol. 8434, pp. 346–358. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  16. 16.
    Liang, K., Au, M.H., Liu, J.K., Susilo, W., Wong, D.S., Yang, G., Phuong, T.V.X., Xie, Q.: A DFA-based functional proxy pe-encryption scheme for secure public cloud data sharing. IEEE Trans. Inf. Forensics Secur. 9(10), 1667–1680 (2014)CrossRefGoogle Scholar
  17. 17.
    Liang, K., Liu, J.K., Wong, D.S., Susilo, W.: GO-ABE: an efficient cloud-based revocable identity-based proxy re-encryption scheme for public clouds data sharing. In: Proceedings of ESORICS 2014, pp. 257-272 (2014)Google Scholar
  18. 18.
    Liang, K., Susilo, W., Liu, J.K.: Privacy-preserving ciphertext multi-sharing control for big data storage. IEEE Trans. Inf. Forensics Secur. 10(8), 1578–1589 (2015)CrossRefGoogle Scholar
  19. 19.
    Liu, J.K., Au, M.H., Susilo, W., Liang, K., Lu, R., Srinivasan, B.: Secure sharing and searching for real-time video data in mobile cloud. IEEE Netw. 29(2), 46–50 (2015)CrossRefGoogle Scholar
  20. 20.
    Li, M., Huang, X., Liu, J.K., Xu, L.: GO-ABE: group-oriented attribute-based encryption. In: Au, M.H., Carminati, B., Kuo, C.-C.J. (eds.) NSS 2014. LNCS, vol. 8792, pp. 260–270. Springer, Heidelberg (2014) Google Scholar
  21. 21.
    Liu, Z., Wong, D.S.: Practical attribute based encryption: traitor tracing, revocation, and large universe. https://eprint.iacr.org/2014/616.pdf
  22. 22.
    Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  23. 23.
    Ostrovsky, R., Sahai, A., Waters, B.: Attribute-based encryption with non-monotonic access structures. In: Proceedings of ACM CCS 2007, pp. 195–203 (2007)Google Scholar
  24. 24.
    Quick, D., Martini, B., Choo, K.K.R.: Cloud Storage Forensics. Syngress/Elsevier, Amsterdam (2014) Google Scholar
  25. 25.
    Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997) Google Scholar
  26. 26.
    Sahai, A., Seyalioglu, H., Waters, B.: Dynamic credentials and ciphertext delegation for attribute-based encryption. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 199–217. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  27. 27.
    Schwartz, J.T.: Fast probabilistic algorithms for verification of polynomial identities. J. ACM 27(4), 701–717 (1980)MathSciNetCrossRefzbMATHGoogle Scholar
  28. 28.
    Waters, B.: Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  29. 29.
    Wang, G., Liu, Q., Wu, J.: Hierarhical attribute-based encryption for fine-grained access control in cloud storage services. In: Proceedings of ACM CCS 2010, pp. 735–737 (2010)Google Scholar
  30. 30.
    Yang, K., Jia, X.: Expressive, efficient, and revocable data access control for multiauthority cloud storage. IEEE Trans. Parallel Distrib. Syst. 25(7), 1735–1744 (2014)CrossRefGoogle Scholar
  31. 31.
    Yang, K., Jia, X., Ren, K., Zhang, B., Xie, R.: DAC-MACS: effective data access control for multiauthority cloud storage systems. IEEE Trans. Inf. Forensics Secur. 8(11), 1790–1801 (2013)CrossRefGoogle Scholar
  32. 32.
    Yang, Y., Ding, X., Lu, H., Wan, Z., Zhou, J.: Achieving revocable fine-grained cryptographic access control over cloud data. In: Proceedings of ISC 2013 (2013)Google Scholar
  33. 33.
    Yang, Y., Lu, H., Weng, J., Zhang, Y., Sakurai, K.: Fine-grained conditional proxy re-encryption and application. In: Chow, S.S.M., Liu, J.K., Hui, L.C.K., Yiu, S.M. (eds.) ProvSec 2014. LNCS, vol. 8782, pp. 206–222. Springer, Heidelberg (2014). Extended version to appear: Pervasive and Mobile Computing, ELSEVIER Google Scholar
  34. 34.
    Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained aata access control in cloud computing. In: Proceedings of IEEE INFOCOM 2010 (2010)Google Scholar
  35. 35.
    Yuen, T.H., Zhang, Y., Yiu, S.M., Liu, J.K.: Identity-based encryption with post-challenge auxiliary inputs for secure cloud applications and sensor networks. In: Kutyłowski, M., Vaidya, J. (eds.) ICAIS 2014, Part I. LNCS, vol. 8712, pp. 130–147. Springer, Heidelberg (2014) Google Scholar
  36. 36.
    Zippel, R.: Probabilistic algorithms for sparse polynomials. In: Ng, K.W. (ed.) EUROSAM/ISSAC 1979. LNCS, vol. 72, pp. 216–226. Springer, Heidelberg (1979) CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Yanjiang Yang
    • 1
  • Joseph K. Liu
    • 2
  • Kaitai Liang
    • 3
  • Kim-Kwang Raymond Choo
    • 4
  • Jianying Zhou
    • 1
  1. 1.Institute for Infocomm ResearchSingaporeSingapore
  2. 2.Faculty of Information TechnologyMonash UniversityMelbourneAustralia
  3. 3.Department of Computer ScienceAalto UniversityGreater HelsinkiFinland
  4. 4.University of South AustraliaAdelaideAustralia

Personalised recommendations