Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems

IEEE Transactions on Parallel and Distributed Systems (Impact Factor: 2.17). 08/2011; 22(7):1214 - 1221. DOI: 10.1109/TPDS.2010.203
Source: IEEE Xplore


Some of the most challenging issues in data outsourcing scenarios are the enforcement of authorization policies and the support of policy updates. Ciphertext-policy attribute-based encryption is a promising cryptographic solution to these issues for enforcing access control policies defined by a data owner on outsourced data. However, applying attribute-based encryption in an outsourced architecture introduces several challenges with regard to attribute and user revocation. In this paper, we propose an access control mechanism using ciphertext-policy attribute-based encryption to enforce access control policies with efficient attribute and user revocation capability. Fine-grained access control can be achieved by a dual encryption mechanism which takes advantage of attribute-based encryption and selective group key distribution in each attribute group. We demonstrate how to apply the proposed mechanism to securely manage the outsourced data. The analysis results indicate that the proposed scheme is efficient and secure in data outsourcing systems.

    • "Since the introduction of ABE, there have been advances in multiple directions. The application of outsourcing computation [18], [19] is one of the important directions. Green et al. [2] designed the first ABE with outsourced decryption scheme to reduce the computation cost during decryption."
    IEEE Transactions on Parallel and Distributed Systems 01/2015; DOI:10.1109/TPDS.2015.2392752 · 2.17 Impact Factor
    • "Aiming at reducing the computation overhead of the data service manager, Xie et al. [44] proposed a new CP-ABE construction with efficient user and attribute revocation. Compared with Hur and Noh's [43], in the key update phase, the computation overhead of the data service manager will be reduced by half."
    ABSTRACT: With the development of cryptography, attribute-based encryption (ABE) has drawn widespread attention from researchers in recent years. The ABE scheme, which belongs to the public key encryption mechanism, takes attributes as the public key and associates them with the ciphertext or the user's secret key. It is an efficient way to solve open problems in access control scenarios, for example, how to provide data confidentiality and expressive access control at the same time. In this paper, we survey the basic ABE scheme and its two variants: the key-policy ABE (KP-ABE) scheme and the ciphertext-policy ABE (CP-ABE) scheme. We also pay attention to other research relating to the ABE schemes, including multiauthority, user/attribute revocation, accountability, and proxy reencryption, with an extensive comparison of their functionality and performance. Finally, possible future works and some conclusions are pointed out.
    07/2014; 2014:193426. DOI:10.1155/2014/193426
    • "Moreover, this would require updating ciphertexts maintained at the server. Recently, group key technology was integrated with ABE to solve the revocation problem [15] but these kinds of solutions do not go well with SE since it only increases the required number of fully trusted servers."
    ABSTRACT: Recently, the need for outsourcing sensitive data has grown due to the wide spread of cost-effective and flexible cloud services. However, there is a fundamental concern in using such services since users have to trust external servers. Therefore, searchable encryption can be a very valuable tool to meet the security requirements of data outsourcing. However, most work on searchable encryption focuses only on the privacy-preserving search function, and research on the encryption mechanism used to actually encrypt data is relatively lacking. Without a suitable latter mechanism, searchable encryption cannot be deployed in real-world cloud services. In this paper, we analyze previously used and possible data encryption mechanisms for multi-user searchable encryption systems and discuss their pros and cons. Our results show that readily available tools such as broadcast encryption, attribute-based encryption, and proxy re-encryption do not provide suitable solutions. The main problem with existing tools is that they may require separate fully trusted servers and the difficulty in preventing collusion attacks between outsiders and semi-trusted servers.
    09/2013; 18(9). DOI:10.9708/jksci.2013.18.9.079