Efficient attribute-based encryption with attribute revocation for assured data deletion

Abstract Cloud storage allows customers to store their data on remote cloud servers. With the advantage of reducing the burden of data management and storage, an increasing number of users prefer to store their data on the cloud. While secure data deletion is a crucial, it is a challenging issue in cloud storage. Logically deleted data may be easily exposed to un-authorized users in the cloud storage scenario thanks to its salient features such as multi-tenancy, virtualization and elasticity. Moreover, cloud servers might not delete customers’ data as instructed for hidden business interest. Hence, assured deletion is highly sought after. It helps preserve cloud users’ data privacy and is a necessary component of data retention regulations in cloud storage. In this paper, we first investigate the goals of assured data deletion and formalize its security model.Then, we propose a key-policy attribute-based encryption scheme for assured deletion (AD-KP-ABE) of cloud data. Our construction makes use of the attribute revocation cryptographic primitive and Merkle Hash Tree to achieve fine-grained access control and verifiable data deletion. The proposed AD-KP-ABE enjoys desirable properties such as no secret key update, partial ciphertext update and assured data deletion. The detailed security proof and implementation results demonstrate the security and practicality of our proposal.

[1]  Mohsen Guizani,et al.  An effective key management scheme for heterogeneous sensor networks , 2007, Ad Hoc Networks.

[2]  Shigang Chen,et al.  On Deletion of Outsourced Data in Cloud Computing , 2014, 2014 IEEE 7th International Conference on Cloud Computing.

[3]  Darrell M. West,et al.  Privacy and Security in Cloud Computing , 2010 .

[4]  Rajkumar Buyya,et al.  Dynamic remote data auditing for securing big data storage in cloud computing , 2017, Inf. Sci..

[5]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[6]  Reihaneh Safavi-Naini,et al.  LoSt: location based storage , 2012, CCSW '12.

[7]  Jose M. Such,et al.  Assured Deletion in the Cloud: Requirements, Challenges and Future Directions , 2016, CCSW.

[8]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[9]  Giuseppe Ateniese,et al.  Proofs of Space: When Space Is of the Essence , 2014, SCN.

[10]  Yang Tang,et al.  FADE: Secure Overlay Cloud Storage with File Assured Deletion , 2010, SecureComm.

[11]  Radia J. Perlman,et al.  File system design with assured delete , 2005, Third IEEE International Security in Storage Workshop (SISW'05).

[12]  Hovav Shacham,et al.  Compact Proofs of Retrievability , 2008, ASIACRYPT.

[13]  Ari Juels,et al.  Pors: proofs of retrievability for large files , 2007, CCS '07.

[14]  Keke Gai,et al.  Intelligent cryptography approach for secure distributed big data storage in cloud computing , 2017, Inf. Sci..

[15]  Yi Mu,et al.  Public Integrity Auditing for Dynamic Data Sharing With Multiuser Modification , 2015, IEEE Transactions on Information Forensics and Security.

[16]  Kim-Kwang Raymond Choo,et al.  Fuzzy Identity-Based Data Integrity Auditing for Reliable Cloud Storage Systems , 2019, IEEE Transactions on Dependable and Secure Computing.

[17]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[18]  Xiaojiang Du,et al.  A survey of key management schemes in wireless sensor networks , 2007, Comput. Commun..

[19]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[20]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[21]  Amit A. Levy,et al.  Vanish: Increasing Data Privacy with Self-Destructing Data , 2009, USENIX Security Symposium.

[22]  Ralph C. Merkle,et al.  Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.

[23]  Yong Yu,et al.  Identity-Based Remote Data Integrity Checking With Perfect Data Privacy Preserving for Cloud Storage , 2017, IEEE Transactions on Information Forensics and Security.

[24]  Hubert Ritzdorf,et al.  Secure data deletion from persistent media , 2013, CCS.

[25]  Srdjan Capkun,et al.  On Secure Data Deletion , 2014, IEEE Secur. Priv..

[26]  Bu-Sung Lee,et al.  How to Track Your Data: Rule-Based Data Provenance Tracing Algorithms , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[27]  Aggelos Kiayias,et al.  Efficient Proofs of Secure Erasure , 2014, SCN.

[28]  Mohsen Guizani,et al.  Transactions papers a routing-driven Elliptic Curve Cryptography based key management scheme for Heterogeneous Sensor Networks , 2009, IEEE Transactions on Wireless Communications.

[29]  Athanasios V. Vasilakos,et al.  Security in cloud computing: Opportunities and challenges , 2015, Inf. Sci..