Method of secure, scalable, and fine-grained data access control with efficient revocation in untrusted cloud

doi:10.1016/S1005-8885(15)60637-9

Acta Metallurgica Sinica(English letters) ›› 2015, Vol. 22 ›› Issue (2): 38-43.doi: 10.1016/S1005-8885(15)60637-9

• Security • Previous Articles Next Articles

Method of secure, scalable, and fine-grained data access control with efficient revocation in untrusted cloud

Ling-Wei SONG

Received:2014-05-21 Revised:2014-09-30 Online:2015-04-30 Published:2015-04-22
Contact: Ling-Wei SONG E-mail:songlw@bupt.edu.cn
Supported by:
Digital Right Management Technology Research and Development Project;Beijing Higher Education Young Elite Teacher Project;Specialized Research Fund for the Doctoral Program of Higher Education;National Key project of Scientific and Technical Supporting Programs of China;National 863 Program (2012AA012606)

Abstract

Abstract:

Cloud computing is a developing computing paradigm in which resources of the computing infrastructure are provided as services over the network. Hopeful as it is, this paradigm also brings new challenges for data security and encryption storage when date owner stores sensitive data for sharing with untrusted cloud servers. When it comes to fine-grained data and scalable access control, a huge computation for key distribution and data management is required. In this article, we achieved this goal by exploiting and uniquely combining techniques of ciphertext-policy attribute-based encryption (CP-ABE), linear secret sharing schemes (LSSS), and counter (CTR) mode encryption. The proposed scheme is highly efficient by conducting the revocation on attribute level rather than on user level. The goals of data confidentiality and no collusion attack (even the cloud servers (CS) collude with users), as well as ones of fine-grainedness and scalability, are also achieved in our access structure.

Key words:

CP-ABE, revocation, fine-grained, counter mode encryption, cloud computing

Ling-Wei SONG Yu Fang Zhang Ru Niu Xinxin. Method of secure, scalable, and fine-grained data access control with efficient revocation in untrusted cloud[J]. Acta Metallurgica Sinica(English letters), 2015, 22(2): 38-43.

References

1. Harney H, Colgrove A, McDaniel P D. Principles of policy in secure groups. Proceedings of the 8th Annual Symposium on Network and Distributed System Security (NDSS’01), Feb 7-9, 2001, San Diego, CA, USA. New York, NY, USA: ACM, 2001: 66-74

2. Yu T, Winslett M. A unified scheme for resource protection in automated trust negotiation. Proceedings of the 2003 Symposium on Security and Privacy (S&P’03), May 11-14, 2003, Los Alamitos, CA, USA. Washington, DC, USA: IEEE Computer Society, 2003: 110-112

3. Bethencourt J, Sahai A, Waters B. Ciphertext-policy attribute-based encryption. Proceedings of the 2007 Symposium on Security and Privacy (S&P’07), May 20-23, 2007, Berkeley, CA, USA. Washington, DC, USA: IEEE Computer Society, 2007: 321-334

4. Waters B. Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. Proceedings of the 14th International Conference on Practice and Theory in Public Key Cryptography (PKC’11), May 6-9, 2011, Taormina, Italy. LNCS 6571. Berlin, Germany: Springer-Verlag, 2011: 53-70

5. Yang K, Jia X, Ren K. Attribute-based fine-grained access control with efficient revocation in cloud storage systems. Proceedings of the 8th ACM SIGSAC International Symposium on Information, Computer and Communications Security (ASIACCS’13), Mar 8-10, 2013, Hangzhou, China. New York, NY, USA: ACM, 2013: 523-528

6. Yang K, Jia X. Security for cloud storage systems. New York, NY, USA: Springer, 2014: 39-58

7. Attrapadung N, Imai H. Conjunctive broadcast and attribute-based encryption. Proceedings of the 3rd International Conference on Pairing-based Cryptography (Pairing’09), Aug 12-14, 2009, Palo Alto, CA, USA. LNCS 5671. Berlin, Germany: Springer-Verlag, 2009: 248-256

8. Attrapadung N, Imai H. Attribute-based encryption supporting direct/indirect revocation modes. Proceedings of the 12th IMA International Conference on Cryptography and Coding (IMACC’09), Dec 15-17, 2009, Cirencester, UK. LNCS 5921. Berlin,Germany: Springer-Verlag, 2009: 278-300

9. Hur J, Noh D K. Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Transactions on Parallel and Distributed Systems, 2011, 22(7): 1214-1221

10. Yu S, Wang C, Ren K, et al. Achieving secure, scalable, and fine-grained data access control in cloud computing. Proceedings of the 29th Annual Joint Conference of the IEEE Computer and Communications (INFOCOM’10), Mar 14-19, 2010, San Diego, CA, USA. Piscataway, NJ, USA: IEEE, 2010: 9p

11. Boneh D, Goh E J, Nissim K. Evaluating 2-DNF formulas on ciphertexts. Proceedings of the 2nd International Conference on Theory of Cryptography (TCC’05), Feb 10-12, 2005, Cambridge, MA, USA. LNCS 3378. Berlin, Germany: Springer-Verlag, 2005: 325-341

12. Beimel A. Secure schemes for secret sharing and key distribution. Ph. D. Thesis. Haifa, Israel: Israel Institute of Technology, 1996

Metrics

Comments

Copyright © 2020 The Journal of China Universities of Posts and Telecommunications
　 Adress: P.O. Box 231,Beijing University of Posts and Telecommunications,10 Xi Tucheng Road,Beijing 100876,P.R.China　Post Code: 100081
Tel：86-010-62282493　Fax： 86-010-62283461　E-mail: jchupt@bupt.edu.cn
Support by: Beijing Magtech Co.Ltd

Method of secure, scalable, and fine-grained data access control with efficient revocation in untrusted cloud

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 0

Recommended Articles

Metrics

Comments