Dynamic Secure Cloud Storage with Provenance

  • Sherman S. M. Chow
  • Cheng-Kang Chu
  • Xinyi Huang
  • Jianying Zhou
  • Robert H. Deng
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6805)


One concern in using cloud storage is that the sensitive data should be confidential to the servers which are outside the trust domain of data owners. Another issue is that the user may want to preserve his/her anonymity in the sharing or accessing of the data (such as in Web 2.0 applications). To fully enjoy the benefits of cloud storage, we need a confidential data sharing mechanism which is fine-grained (one can specify who can access which classes of his/her encrypted files), dynamic (the total number of users is not fixed in the setup, and any new user can decrypt previously encrypted messages), scalable (space requirement does not depend on the number of decryptors), accountable (anonymity can be revoked if necessary) and secure (trust level is minimized).

This paper addresses the problem of building a secure cloud storage system which supports dynamic users and data provenance. Previous system is based on specific constructions and does not offer all of the aforementioned desirable properties. Most importantly, dynamic user is not supported. We study the various features offered by cryptographic anonymous authentication and encryption mechanisms; and instantiate our design with verifier-local revocable group signature and identity-based broadcast encryption with constant size ciphertexts and private keys. To realize our concept, we equip the broadcast encryption with the dynamic ciphertext update feature, and give formal security guarantee against adaptive chosen-ciphertext decryption and update attacks.


Anonymity broadcast encryption cloud storage dynamic encryption group signatures pairings secure provenance 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Boneh, D., Boyen, X.: Short Signatures Without Random Oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  2. 2.
    Boneh, D., Boyen, X., Goh, E.-J.: Hierarchical Identity Based Encryption with Constant Size Ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Boneh, D., Boyen, X., Shacham, H.: Short Group Signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)Google Scholar
  4. 4.
    Boneh, D., Shacham, H.: Group Signatures with Verifier-Local Revocation. In: Proceedings of ACM Conference on Computer and Communications Security (CCS 2004), pp. 168–177. ACM, New York (2004)CrossRefGoogle Scholar
  5. 5.
    Boyen, X., Waters, B.: Full-Domain Subgroup Hiding and Constant-Size Group Signatures. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 1–15. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Chase, M., Chow, S.S.M.: Improving Privacy and Security in Multi-Authority Attribute-Based Encryption. In: Proceedings of ACM Conference on Computer and Communications Security (CCS 2010), pp. 121–130 (2009)Google Scholar
  7. 7.
    Chow, S.S.M.: Real Traceable Signatures. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 92–107. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  8. 8.
    Chow, S.S.M.: Removing Escrow from Identity-Based Encryption. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 256–276. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  9. 9.
    Delerablée, C.: Identity-Based Broadcast Encryption with Constant Size Ciphertexts and Private Keys. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 200–215. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  10. 10.
    Even, S., Goldreich, O., Micali, S.: On-line/Off-line Digital Signatures. J. Cryptology 9(1), 35–67 (1996)MathSciNetzbMATHCrossRefGoogle Scholar
  11. 11.
    Lamport, L.: Constructing Digital Signatures from a One Way Function. Technical report (1979)Google Scholar
  12. 12.
    Lu, R., Lin, X., Liang, X., Shen, X.S.: Secure Provenance: The Essential of Bread and Butter of Data Forensics in Cloud Computing. In: Proceedings of ACM Symposium on Information, Computer & Communication Security (ASIACCS 2010), pp. 282–292. ACM, New York (2010)Google Scholar
  13. 13.
    Rabin, M.O.: Digitalized Signatures. In: Foundations of Secure Computations, pp. 155–166. Academic Press, London (1978)Google Scholar
  14. 14.
    Waters, B.: Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 53–70. Springer, Heidelberg (2011); Also available at Cryptology ePrint Archive, Report 2008/290 CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Sherman S. M. Chow
    • 1
  • Cheng-Kang Chu
    • 2
  • Xinyi Huang
    • 2
  • Jianying Zhou
    • 2
  • Robert H. Deng
    • 3
  1. 1.University of WaterlooCanada
  2. 2.Institute for Infocomm ResearchSingapore
  3. 3.Singapore Management UniversitySingapore

Personalised recommendations