Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems

IEEE Transactions on Parallel and Distributed Systems (Impact Factor: 2.17). 08/2011; DOI: 10.1109/TPDS.2010.203
Source: IEEE Xplore

ABSTRACT Some of the most challenging issues in data outsourcing scenario are the enforcement of authorization policies and the support of policy updates. Ciphertext-policy attribute-based encryption is a promising cryptographic solution to these issues for enforcing access control policies defined by a data owner on outsourced data. However, the problem of applying the attribute-based encryption in an outsourced architecture introduces several challenges with regard to the attribute and user revocation. In this paper, we propose an access control mechanism using ciphertext-policy attribute-based encryption to enforce access control policies with efficient attribute and user revocation capability. The fine-grained access control can be achieved by dual encryption mechanism which takes advantage of the attribute-based encryption and selective group key distribution in each attribute group. We demonstrate how to apply the proposed mechanism to securely manage the outsourced data. The analysis results indicate that the proposed scheme is efficient and secure in the data outsourcing systems.

  • [Show abstract] [Hide abstract]
    ABSTRACT: Due to the high cost of building and maintaining specialized data centers, many PHR services are outsourced to or provided by third-party service providers, for example, Microsoft Health Vault. While it is exciting to have convenient PHR services for everyone, there are many security and privacy risks. Which could impede its wide adoption. The main concern is about whether the patients could actually control the sharing of their sensitive Personal Health Information (PHI), especially when they are stored on a third-party server which people may not fully trust. To assure the patients' control over access to their own PHRs, it is a promising method to encrypt the PHRs before outsourcing. In this paper, we propose a novel patient-centric framework and a suite of mechanisms for data access control to PHRs stored in semi-trusted servers. To achieve fine-grained and scalable data access control for PHRs, we leverage Attribute Based Encryption (ABE) techniques to encrypt each patient's PHR file. To ensure patient-centric privacy control over their own PHRs, it is essential to have fine-grained data access control mechanisms that work with semi-trusted servers. In order to protect the personal health data stored on a semi-trusted server, we adopt Attribute-Based Encryption (ABE) as the main encryption primitive. Using ABE, access policies are expressed based on the attributes of users or data, which enables a patient to selectively share her PHR among a set of users by encrypting the file under a set of attributes, without the need to know a complete list of users.
    National Conference on Research Issues and Recent Trends in Computer Science & Information Technology (NCRRCSIT 2013), Sir C R Reddy College of Engineering, Eluru, AP, India; 12/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: Cloud computing has appeared as one of the most leading standards in the IT engineering in past decades. Since this innovative computing technology requires users to deliver their valuable data to cloud service providers, there have been growing security and privacy concerns on data from outside supplier. Several schemes employing Attribute-Based Encryption (ABE) have been suggested for access control of outsourced data in cloud computing; however, most of them suffer from rigidity in applying complex access control strategies. As the cloud uses virtualization in back end all the methods implemented in real platforms can also be implemented in cloud. In several scattered systems a user should only be able to access data if a user holds a certain set of passes or attributes. Recently, the only method for enforcing such policies is to employ a trusted server to store the data and intermediate access control. However, if safety of server storing the data is compromised, then the secrecy of the data will be exposed.
  • [Show abstract] [Hide abstract]
    ABSTRACT: The ciphertext-policy (CP) attribute-based encryption (ABE) (CP-ABE) emergings as a promising technology for allowing users to conveniently access data in cloud computing. Unfortunately, it suffers from several drawbacks such as decryption overhead, user revocation and privacy preserving. The authors proposed a new efficient and privacy-preserving attribute-based broadcast encryption (BE) (ABBE) named EP-ABBE, that can reduce the decryption computation overhead by partial decryption, and protect user privacy by obfuscating access policy of ciphertext and user's attributes. Based on EP-ABBE, a secure and flexible personal data sharing scheme in cloud computing was presented, in which the data owner can enjoy the flexibly of encrypting personal data using a specified access policy together with an implicit user index set. With the proposed scheme, efficient user revocation is achieved by dropping revoked user's index from the user index set, which is with very low computation cost. Moreover, the privacy of user can well be protected in the scheme. The security and performance analysis show that the scheme is secure, efficient and privacy-preserving.
    The Journal of China Universities of Posts and Telecommunications 12/2014; 21(6). DOI:10.1016/S1005-8885(14)60344-7