Updating Policies in CP-ABE-Based Access Control: An Optimized and Secure Service

  • Somchart Fugkeaw
  • Hiroyuki Sato
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9846)


Policy update management is one of the key problems in ciphertext-policy attribute-based encryption (CP-ABE) supporting access control in data outsourcing scenarios. The problem is that the policy is tightly coupled with the encryption itself. Hence, if the policy is updated, the data owner needs to re-encrypt the files and send them back to the cloud. This incurs overheads, including computation, communication, and maintenance costs, on the data owner's side. The computation and communication overheads are even more costly if there are frequent changes to access control elements such as users, attributes, and access rules. In this paper, we extend our access control scheme, C-CP-ARBE, to support secure and flexible policy updating in a data outsourcing environment. We propose a policy updating method and exploit a very lightweight proxy re-encryption (VL-PRE) technique to enable policies to be dynamically and effectively updated in the cloud. Finally, we demonstrate the efficiency and performance of our proposed scheme through our evaluation and implementation.


Access Control; Cloud Server; Access Structure; Data Owner; Access Control Policy
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© IFIP International Federation for Information Processing 2016

Authors and Affiliations

  1. Department of Electrical Engineering and Information Systems, The University of Tokyo, Tokyo, Japan
