Efficiently Attribute-Based Access Control for Mobile Cloud Storage System

Like other outsourced services, cloud storage faces the serious issue of user data security. To keep data confidential against unauthorized cloud servers and users, Attribute-Based Encryption (ABE) is widely adopted for access control. However, ABE-based access control schemes are criticized for their high computation overhead, for example in key generation, decryption and revocation. In the mobile cloud storage environment, where these computation tasks are executed by mobile devices or sensors, this drawback is more serious. In this paper, we propose an efficient and secure attribute-based access control scheme for mobile cloud storage. Specifically, we construct the first Key-Policy ABE (KP-ABE) scheme with outsourced key generation and decryption, and propose an efficient revocation method for it. Moreover, we prove that the proposed scheme is immune to the collusion attack and secure in the standard model. Extensive experiments demonstrate that efficient key generation, decryption, and revocation are achieved with the help of the cloud servers.
