Revocation for Encrypted Data Stored with Replica

Transmitted data must be protected from interception by intruders, as information security has become increasingly important in recent years. Cryptography is the most common means of protecting data. An encrypt-on-disk system incurs re-encryption work when a user is revoked, but it offers better transmission performance than an encrypt-on-wire system. There are two methods of re-encryption after revocation: active revocation and lazy revocation. With active revocation, data is re-encrypted immediately after the revocation. With lazy revocation, re-encryption is delayed until the next time the data is updated. This creates a trade-off: active revocation is expensive because re-encryption is immediate, while lazy revocation is vulnerable because re-encryption is delayed. In this paper, we propose a more efficient method for re-encryption after revocation, based on a distributed system that makes data replicas on another disk node. We evaluate the efficiency of the method through experiments.
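The trade-off between active and lazy revocation described above, as an added example that is not code from the paper and does not model its replica-based method. The `Store` class, file names and the HMAC-based toy stream cipher (a stand-in for a real authenticated cipher) are assumptions made for illustration.

```python
import hashlib, hmac, os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode); illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class Store:
    """Hypothetical encrypt-on-disk store with one group key per key version."""
    def __init__(self, lazy: bool):
        self.lazy = lazy
        self.keys = [os.urandom(32)]   # keys[v] is the group key for version v
        self.files = {}                # name -> (version, nonce, ciphertext)
        self.reencryptions = 0         # re-encryption work caused by revocation

    def write(self, name: str, plaintext: bytes) -> None:
        v = len(self.keys) - 1         # writes always use the newest key
        nonce = os.urandom(16)
        self.files[name] = (v, nonce, keystream_xor(self.keys[v], nonce, plaintext))

    def read(self, name: str, known_keys: dict):
        """known_keys maps key version -> key held by the reader."""
        v, nonce, ct = self.files[name]
        if v not in known_keys:
            return None                # reader lacks the key for this version
        return keystream_xor(known_keys[v], nonce, ct)

    def revoke(self) -> None:
        """Rotate the group key; active mode re-encrypts every file now."""
        self.keys.append(os.urandom(32))
        if not self.lazy:
            for name, (v, nonce, ct) in list(self.files.items()):
                self.write(name, keystream_xor(self.keys[v], nonce, ct))
                self.reencryptions += 1

def simulate(lazy: bool):
    """Return (re-encryptions done, files a revoked user can still decrypt)."""
    s = Store(lazy)
    s.write("a.txt", b"payroll Q1")            # constructed sample data
    s.write("b.txt", b"design notes")
    retained = {0: s.keys[0]}                  # revoked user kept the old key
    s.revoke()
    s.write("b.txt", b"design notes v2")       # first update after revocation
    readable = sorted(n for n in s.files if s.read(n, retained) is not None)
    return s.reencryptions, readable

if __name__ == "__main__":
    print("active:", simulate(lazy=False))
    print("lazy:  ", simulate(lazy=True))
```

Active revocation pays for two re-encryptions and leaves nothing readable with the old key; lazy revocation does no extra work, but the file that has not yet been updated stays readable to the revoked user.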
