Extended Proxy-Assisted Approach: Achieving Revocable Fine-Grained Encryption of Cloud Data

Attribute-based encryption has the potential to be deployed in a cloud computing environment to provide scalable and fine-grained data sharing. However, user revocation within ABE deployment remains a challenging issue to overcome, particularly when there

  • PDF / 411,477 Bytes
  • 21 Pages / 439.37 x 666.142 pts Page_size
  • 9 Downloads / 174 Views

DOWNLOAD

REPORT

2

3

Institute for Infocomm Research, Singapore, Singapore {yyang,jyzhou}@i2r.a-star.edu.sg Faculty of Information Technology, Monash University, Melbourne, Australia [email protected] Department of Computer Science, Aalto University, Greater Helsinki, Finland [email protected] 4 University of South Australia, Adelaide, Australia [email protected]

Abstract. Attribute-based encryption has the potential to be deployed in a cloud computing environment to provide scalable and fine-grained data sharing. However, user revocation within ABE deployment remains a challenging issue to overcome, particularly when there is a large number of users. In this work, we introduce an extended proxy-assisted approach, which weakens the trust required of the cloud server. Based on an all-or-nothing principle, our approach is designed to discourage a cloud server from colluding with a third party to hinder the user revocation functionality. We demonstrate the utility of our approach by presenting a construction of the proposed approach, designed to provide efficient cloud data sharing and user revocation. A prototype was then implemented to demonstrate the practicality of our proposed construction.

1

Introduction

Cloud storage services (e.g. Dropbox, Microsoft’s Azure storage, and Amazon’s S3) enable users to upload and store their data remotely in the cloud environment as well as accessing and downloading the remotely stored data in realtime using a web browser or a mobile application [24]. To ensure the security and privacy of user data [9], particularly against an untrusted cloud service provider, one could encrypt the data prior to uploading and storing the data in the cloud [8,10,11,15,16,18,35]. In practice, data encryption often serves as an access control mechanism in cloud data sharing, where end users’ decryption capabilities are defined based on a specified access control policy. For instance, a scientific research team may choose to share their research data and findings (that are stored in a cloud server) in real-time with their team workers [19], based on some pre-determined attributes or roles. To provide the scalability and flexibility of real-time data sharing, a fine-grained access control is required. c Springer International Publishing Switzerland 2015  G. Pernul et al. (Eds.): ESORICS 2015, Part II, LNCS 9327, pp. 146–166, 2015. DOI: 10.1007/978-3-319-24177-7 8

An Extended Proxy-Assisted User Revocation

147

Attribute-based encryption (ABE) [4,13,14,20,28] has been identified as a suitable solution to enforce fine-grained decryption rights. ABE can be broadly categorized into key policy ABE (KP-ABE) and ciphertext policy ABE (CP-ABE). KP-ABE allows data to be encrypted with a set of attributes, and each decryption key is associated with an access policy (defined in terms of attributes); while CP-ABE is complementary – data are encrypted and tagged with the pre-determined access policy, and a decryption key is associated with the set of attributes. In either type, a ciphertext can be decrypted using

Data Loading...

Recommend Documents
Server-Aided Revocable Identity-Based Encryption

181 2 453KB

Revocable Attribute-Based Encryption Scheme with Arithmetic Span Program for Cloud-Assisted IoT

135 13 67MB

R-OO-KASE: Revocable Online/Offline Key Aggregate Searchable Encryption

157 51 4MB

Auto encryption algorithm for uploading data on cloud storage

171 76 728KB

CRUPA: collusion resistant user revocable public auditing of shared data in cloud

175 78 1MB

Data Encryption

166 68 2MB

Multi-server searchable data crypt: searchable data encryption scheme for secure distributed cloud storage

192 48 4MB

ESKEA: Enhanced Symmetric Key Encryption Algorithm Based Secure Data Storage in Cloud Networks with Data Deduplication

173 102 2MB

Secure Cloud Encryption Using File Hierarchy Attribute

155 65 57MB

Data Encryption Standard (DES) and Advanced Encryption Standard (AES)

163 93 27MB

Data Encryption Standard (DES) and Advanced Encryption Standard (AES)

168 75 8MB

Secure data transmission on a distributed cloud server with the help of HMCA and data encryption using optimized CP-ABE-

114 62 1MB