Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems

IEEE Transactions on Parallel and Distributed Systems (Impact Factor: 2.17). 08/2011; DOI: 10.1109/TPDS.2010.203
Source: IEEE Xplore

ABSTRACT Some of the most challenging issues in the data outsourcing scenario are the enforcement of authorization policies and the support of policy updates. Ciphertext-policy attribute-based encryption is a promising cryptographic solution to these issues for enforcing access control policies defined by a data owner on outsourced data. However, the problem of applying attribute-based encryption in an outsourced architecture introduces several challenges with regard to attribute and user revocation. In this paper, we propose an access control mechanism using ciphertext-policy attribute-based encryption to enforce access control policies with efficient attribute and user revocation capability. The fine-grained access control can be achieved by a dual encryption mechanism which takes advantage of the attribute-based encryption and selective group key distribution in each attribute group. We demonstrate how to apply the proposed mechanism to securely manage the outsourced data. The analysis results indicate that the proposed scheme is efficient and secure in data outsourcing systems.

  • 12/2015; 5(1). DOI:10.1186/s13673-015-0027-0
    ABSTRACT: Cloud computing has appeared as one of the most leading standards in the IT engineering in past decades. Since this innovative computing technology requires users to deliver their valuable data to cloud service providers, there have been growing security and privacy concerns on data from outside supplier. Several schemes employing Attribute-Based Encryption (ABE) have been suggested for access control of outsourced data in cloud computing; however, most of them suffer from rigidity in applying complex access control strategies. As the cloud uses virtualization in back end all the methods implemented in real platforms can also be implemented in cloud. In several scattered systems a user should only be able to access data if a user holds a certain set of passes or attributes. Recently, the only method for enforcing such policies is to employ a trusted server to store the data and intermediate access control. However, if safety of server storing the data is compromised, then the secrecy of the data will be exposed.
  • ABSTRACT: In the Internet of Things a code resolution service provides a discovery mechanism for a requester to obtain the information resources associated with a particular product code immediately. In large scale application scenarios a code resolution service faces some serious issues involving heterogeneity, big data and data ownership. A code resolution service network is required to address these issues. Firstly, a list of requirements for the network architecture and code resolution services is proposed. Secondly, in order to eliminate code resolution conflicts and code resolution overloads, a code structure is presented to create a uniform namespace for code resolution records. Thirdly, we propose a loosely coupled distributed network consisting of heterogeneous, independent, collaborating code resolution services and a SkipNet based code resolution service named SkipNet-OCRS, which not only inherits DHT’s advantages, but also supports administrative control and autonomy. For the external behaviors of SkipNet-OCRS, a novel external behavior mode named QRRA mode is proposed to enhance security and reduce requester complexity. For the internal behaviors of SkipNet-OCRS, an improved query algorithm is proposed to increase query efficiency. It is analyzed that integrating SkipNet-OCRS into our resolution service network can meet our proposed requirements. Finally, simulation experiments verify the excellent performance of SkipNet-OCRS.
    Sensors 12/2012; 12(11):15206-43. DOI:10.3390/s121115206 · 2.05 Impact Factor