Two-Factor Data Access Control With Efficient Revocation for Multi-Authority Cloud Storage Systems

Attribute-based encryption, especially ciphertext-policy attribute-based encryption, can provide fine-grained access control in cloud storage systems. Since users' attributes may be issued by multiple attribute authorities, multi-authority ciphertext-policy attribute-based encryption is an emerging cryptographic primitive for enforcing attribute-based access control on outsourced data. However, most existing multi-authority attribute-based systems are either insecure under attribute-level revocation or inefficient in communication overhead and computation cost. In this paper, we propose an attribute-based access control scheme with two-factor protection for multi-authority cloud storage systems. In our proposed scheme, a user can recover the outsourced data if and only if that user holds sufficient attribute secret keys with respect to the access policy and the authorization key for the outsourced data. In addition, the proposed scheme enjoys the properties of constant-size ciphertext and small computation cost. Besides supporting attribute-level revocation, our proposed scheme allows the data owner to carry out user-level revocation. The security analysis, performance comparisons, and experimental results indicate that our proposed scheme is not only secure but also practical.
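As an added illustration of the access rule stated in the abstract (not the paper's construction, which is a pairing-based CP-ABE scheme), the following Python model represents attribute secret keys and the per-data authorization key as plain records and checks the decision under both kinds of revocation; the authority names, attributes and user names are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed model of the two-factor access decision. Factor 1: attribute
# secret keys, each issued by one attribute authority. Factor 2: an
# authorization key the data owner grants per outsourced data item.
# Keys are modelled as membership records, not cryptographic material (assumption).

@dataclass
class AttributeAuthority:
    name: str
    issued: dict = field(default_factory=dict)  # user -> set of attribute names

    def issue(self, user, attr):
        self.issued.setdefault(user, set()).add(attr)

    def revoke(self, user, attr):  # attribute-level revocation by the authority
        self.issued.get(user, set()).discard(attr)

    def attributes_of(self, user):  # attributes are namespaced by authority
        return {f"{self.name}.{a}" for a in self.issued.get(user, set())}

@dataclass
class OutsourcedData:
    policy: list  # DNF: a list of AND-groups; any fully held group satisfies it
    authorized: set = field(default_factory=set)  # users holding the authorization key

def owner_authorize(data, user):
    data.authorized.add(user)

def owner_revoke_user(data, user):  # user-level revocation by the data owner
    data.authorized.discard(user)

def policy_satisfied(policy, attrs):
    return any(set(group) <= attrs for group in policy)

def can_decrypt(user, data, authorities):
    attrs = set().union(*(a.attributes_of(user) for a in authorities))
    return policy_satisfied(data.policy, attrs) and user in data.authorized

def demo():
    hospital, university = AttributeAuthority("hospital"), AttributeAuthority("university")
    hospital.issue("alice", "doctor")
    university.issue("alice", "researcher")
    record = OutsourcedData(policy=[["hospital.doctor", "university.researcher"], ["hospital.admin"]])
    auths = [hospital, university]
    results = {"no_auth_key": can_decrypt("alice", record, auths)}  # attributes alone: denied
    owner_authorize(record, "alice")
    results["both_factors"] = can_decrypt("alice", record, auths)   # both factors: granted
    university.revoke("alice", "researcher")
    results["attr_revoked"] = can_decrypt("alice", record, auths)   # one authority revoked: denied
    university.issue("alice", "researcher")
    owner_revoke_user(record, "alice")
    results["user_revoked"] = can_decrypt("alice", record, auths)   # owner revoked user: denied
    return results
```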
