
Towards Efficient Update of Access Control Policy for Cryptographic Cloud Storage

  • Conference paper

Abstract

To protect sensitive data from unauthorized access, encrypting data at the user end before outsourcing it to cloud storage has become a common practice. In this setting, the access control policy is enforced by distributing the proper cryptographic keys among collaborators. However, when the policy needs to be updated (e.g. new collaborators join or existing collaborators leave), it is very costly for the data owner or other parties to re-encrypt the data under a new key in order to satisfy the new policy. To address this problem, we propose a dual-header structure, which makes the overhead of granting privileges independent of the data size, and batch revocation, which significantly improves the efficiency of revoking privileges by applying lazy revocation to certain groups of revocation requests. We also analyze the overhead of authorization, showing that our approach is able to efficiently manage frequent policy updates.
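The key-wrapping and lazy-revocation pattern the abstract builds on, as an added illustration (this is not the paper's dual-header scheme, whose details are not on this page): the body is encrypted under a data key, the header holds that key wrapped for each user, a grant is one extra wrap regardless of body size, and a revocation rotates the key without touching the body, so several revocations settle in a single re-encryption at the next write. The HMAC-based keystream and the header layout are assumptions made for the example.

```python
import hashlib
import hmac
import os

def ks(key: bytes, label: bytes, n: int) -> bytes:
    """Toy HMAC-SHA256 counter keystream; a stand-in for a real cipher, illustration only."""
    blocks = (hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def enc(key: bytes, label: bytes, data: bytes) -> bytes:
    """XOR with the keystream; symmetric, so it also decrypts."""
    return bytes(a ^ b for a, b in zip(data, ks(key, label, len(data))))

class LazyStore:
    """One outsourced file: body under a data key; header = that key wrapped per user,
    plus a chain of older data keys wrapped under newer ones, so a body whose
    re-encryption was deferred stays readable by the current users."""
    def __init__(self, users: dict, plaintext: bytes):
        self.users, self.version, self.key = dict(users), 0, os.urandom(32)
        self.reencrypted_bytes = self.wraps = 0      # cost counters
        self.body, self.body_version = enc(self.key, b"body", plaintext), 0
        self.chain = {}                               # version v -> key_{v-1} wrapped under key_v
        self.header = {u: self._wrap(u) for u in self.users}

    def _wrap(self, user: str) -> bytes:
        self.wraps += 1
        return enc(self.users[user], b"wrap%d" % self.version, self.key)

    def grant(self, user: str, secret: bytes) -> None:
        self.users[user] = secret
        self.header[user] = self._wrap(user)          # one wrap; the body is never touched

    def revoke(self, user: str) -> None:
        del self.users[user]
        old, self.key, self.version = self.key, os.urandom(32), self.version + 1
        self.chain[self.version] = enc(self.key, b"chain", old)
        self.header = {u: self._wrap(u) for u in self.users}   # lazy: body left as is

    def write(self, plaintext: bytes) -> None:
        self.body, self.body_version = enc(self.key, b"body", plaintext), self.version
        self.reencrypted_bytes += len(plaintext)      # every pending revocation settles here
        self.chain = {}                               # older keys are no longer needed

    def read(self, user: str) -> bytes:
        k = enc(self.users[user], b"wrap%d" % self.version, self.header[user])
        for v in range(self.version, self.body_version, -1):
            k = enc(k, b"chain", self.chain[v])       # walk back to the body's key version
        return enc(k, b"body", self.body)
```

The trade-off lazy revocation accepts is visible here: until the next write, a revoked user who cached the old data key can still decrypt the unchanged body, so the deferral window should be bounded by policy.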



Acknowledgment

This work is supported by the National 973 Program of China under award No. 2014CB340603.

Corresponding author

Correspondence to Weiyu Jiang.


Copyright information

© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Jiang, W., Wang, Z., Liu, L., Gao, N. (2015). Towards Efficient Update of Access Control Policy for Cryptographic Cloud Storage. In: Tian, J., Jing, J., Srivatsa, M. (eds) International Conference on Security and Privacy in Communication Networks. SecureComm 2014. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 153. Springer, Cham. https://doi.org/10.1007/978-3-319-23802-9_26

  • DOI: https://doi.org/10.1007/978-3-319-23802-9_26

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23801-2

  • Online ISBN: 978-3-319-23802-9