In time-bound access control, access to system resources by authorized users is limited to specific time periods. In 2012, Vimercati, Foresti, Jajodia and Livraga proposed a scheme for time-bound access control to outsourced data in the cloud using a hierarchical key derivation structure. We show that their scheme has a security flaw: a user, after access right revocation, can still access the resources associated with his revoked subscription interval. Wang, Li, Owens and Bhargava proposed a scheme for efficient revocation in the data outsourcing scenario. The main advantage of their scheme is that it does not require data block re-encryption and updates when any user's access right changes. Its disadvantage is that any change in the access right of a single user requires the data owner to recompute and distribute access certificates to all the users who require further data access. To mitigate the security flaw of the Vimercati et al. scheme, we present a solution based on the data access mechanism proposed by Wang et al. such that any user's access right revocation is independent of other users' data access. Our solution removes their drawback without sacrificing other desirable properties of the original scheme.