Efficient revocation in ciphertext-policy attribute-based encryption based cryptographic cloud storage

It is secure for customers to store and share their sensitive data in cryptographic cloud storage. However, the revocation operation is a serious performance bottleneck in cryptographic access control systems. To optimize the revocation procedure, we present a new revocation scheme that is efficient, secure, and unassisted. In this scheme, the original data are first divided into a number of slices, which are then published to the cloud storage. When a revocation occurs, the data owner needs only to retrieve one slice, re-encrypt it, and re-publish it. Thus, the revocation process is accelerated because only one slice is affected instead of the whole data. We have applied the efficient revocation scheme to ciphertext-policy attribute-based encryption (CP-ABE) based cryptographic cloud storage. The security analysis shows that our scheme is computationally secure. The theoretically evaluated and experimentally measured performance results show that the efficient revocation scheme reduces the data owner's workload when revocation occurs frequently.
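The abstract states that revocation touches a single slice but does not say how the slices are built or why re-encrypting one of them denies a revoked user the rest of the file. The following is an added illustration, not code from the paper, and it rests on three assumptions that the abstract does not confirm: the slices are the pseudo-blocks of an all-or-nothing package transform (so that any single missing slice hides every plaintext block), the CP-ABE layer is modelled by a versioned symmetric key that only currently authorised users receive, and HMAC-SHA256 stands in for a block cipher. The names `publish`, `revoke`, `read` and `demo` are this example's own. The point it makes is a defender's check: with plain slicing, a user who still holds the old key and has cached the other slices keeps all but one block in the clear; with the all-or-nothing layer, re-encrypting one slice leaves that user with nothing, while the owner's revocation cost stays one slice regardless of file size.

```python
"""Slice-based revocation over an all-or-nothing transform (added example).
Assumptions: package-transform slices, a versioned symmetric key in place of
CP-ABE, and HMAC-SHA256 in place of a block cipher. Not the paper's code."""
from __future__ import annotations

import hashlib
import hmac
import secrets

BLOCK = 16
K0 = b"package-transform-fixed-public-key"  # public constant of the transform, not a secret


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def idx(i: int) -> bytes:
    return i.to_bytes(4, "big")


def aont_encode(data: bytes) -> list[bytes]:
    """Package transform: s padded data blocks -> s+1 pseudo-blocks.
    The random key k is recoverable only from ALL s+1 blocks, so losing
    any one of them hides every plaintext block."""
    n = BLOCK - len(data) % BLOCK
    padded = data + bytes([n]) * n
    blocks = [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]
    k = secrets.token_bytes(BLOCK)
    out = [xor(m, prf(k, idx(i))) for i, m in enumerate(blocks, 1)]
    last = k
    for i, mp in enumerate(out, 1):
        last = xor(last, prf(K0, mp + idx(i)))
    return out + [last]


def aont_decode(pblocks: list[bytes]) -> bytes:
    *out, last = pblocks
    k = last
    for i, mp in enumerate(out, 1):
        k = xor(k, prf(K0, mp + idx(i)))
    padded = b"".join(xor(mp, prf(k, idx(i))) for i, mp in enumerate(out, 1))
    return padded[:-padded[-1]]


def sym_encrypt(key: bytes, pt: bytes) -> bytes:
    """Stand-in for the CP-ABE layer: PRF counter-mode stream (unauthenticated, demo only)."""
    nonce = secrets.token_bytes(12)
    ks = b"".join(prf(key, nonce + idx(i)) for i in range(len(pt) // BLOCK + 1))
    return nonce + xor(pt, ks[:len(pt)])


def sym_decrypt(key: bytes, ct: bytes) -> bytes:
    nonce, body = ct[:12], ct[12:]
    ks = b"".join(prf(key, nonce + idx(i)) for i in range(len(body) // BLOCK + 1))
    return xor(body, ks[:len(body)])


def publish(data: bytes, key_version: int, key: bytes) -> dict:
    """Owner: split the data with the AONT and store each slice tagged with the key version."""
    return {i: (key_version, sym_encrypt(key, p)) for i, p in enumerate(aont_encode(data))}


def revoke(store: dict, old_key: bytes, new_version: int, new_key: bytes, slice_id: int = 0) -> None:
    """Owner: fetch ONE slice, re-encrypt it under a fresh key, re-publish it.
    Cost is independent of the file size; the fresh key goes only to non-revoked users."""
    _, ct = store[slice_id]
    store[slice_id] = (new_version, sym_encrypt(new_key, sym_decrypt(old_key, ct)))


def read(store: dict, keys: dict) -> tuple[int, bytes | None]:
    """User: decrypt every slice whose key version it holds. Returns the number of
    readable slices and the plaintext, or None unless every slice was readable."""
    got = {i: sym_decrypt(keys[ver], ct) for i, (ver, ct) in store.items() if ver in keys}
    if len(got) != len(store):
        return len(got), None
    return len(got), aont_decode([got[i] for i in sorted(got)])


def demo() -> dict:
    data = b"constructed sample record: patient 0042, result negative"  # constructed input
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
    store = publish(data, 1, k1)
    before = read(store, {1: k1})
    revoke(store, k1, 2, k2)               # the user holding only k1 is revoked
    revoked = read(store, {1: k1})         # still has the old key and all old slices
    current = read(store, {1: k1, 2: k2})  # an authorised user received k2
    return {"slices": len(store), "before": before[1], "revoked": revoked, "current": current[1]}


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would keep in mind: the scheme only denies future reads, so a user who decrypted and cached the whole file before revocation keeps that copy (the usual limit of lazy or slice-level revocation), and the owner must still be able to decrypt the old slice, which means the old key material has to be retained until the re-encryption is done.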
