Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems

IEEE Transactions on Parallel and Distributed Systems (Impact Factor: 1.8). 08/2011; DOI: 10.1109/TPDS.2010.203
Source: IEEE Xplore

ABSTRACT: Some of the most challenging issues in the data outsourcing scenario are the enforcement of authorization policies and the support of policy updates. Ciphertext-policy attribute-based encryption is a promising cryptographic solution to these issues, enforcing access control policies defined by a data owner on outsourced data. However, applying attribute-based encryption in an outsourced architecture introduces several challenges with regard to attribute and user revocation. In this paper, we propose an access control mechanism using ciphertext-policy attribute-based encryption to enforce access control policies with efficient attribute and user revocation capability. Fine-grained access control is achieved by a dual encryption mechanism that takes advantage of attribute-based encryption and selective group key distribution in each attribute group. We demonstrate how to apply the proposed mechanism to securely manage the outsourced data. The analysis results indicate that the proposed scheme is efficient and secure in data outsourcing systems.

  • ABSTRACT: In mission-critical activities, each user is allowed to access some specific, but not all, data gathered by wireless sensor networks. Yu et al. recently proposed a centralized fine-grained data access control mechanism for sensor networks, which exploits a cryptographic primitive called attribute-based encryption (ABE). There is only one trusted authority to distribute keys to the sensor nodes and the users. Compromising the single authority can undermine the whole network. We propose a fully distributed access control method, which has several authorities instead of one. Each sensor has a set of attributes and each user has an access structure of attributes. A message from a sensor is encrypted such that only a user with a matching set of attributes can decrypt it. Compared to, our schemes need a simpler access structure, which makes secret key distribution more computationally efficient when user rights are modified. We prove that our scheme can tolerate the compromise of all but one of the distribution centers, which independently distribute their contributions to a single user key. Our scheme does not increase the computation and communication costs of the sensors, making it highly desirable for fine-grained access control.
    Parallel & Distributed Processing Symposium (IPDPS), 2011 IEEE International; 06/2011
  • ABSTRACT: Security issues in multi-privileged group communications containing multiple data streams are rather difficult to solve, as there are multiple access privileges among users. Traditional key management schemes use a key graph to manage all the keys in a group, which leads to one key being shared by many users and results in the "one-affect-many" problem. In a key-policy attribute-based encryption (KP-ABE) system, a ciphertext is labeled with a set of attributes and users' keys are associated with access policies, so that a ciphertext can be decrypted by multiple users when the attributes associated with the ciphertext satisfy an access policy in the users' keys. However, KP-ABE cannot achieve a scalable revocation mechanism when applied to multi-privileged group communications. In this paper, we propose a scalable encryption scheme for multi-privileged group communications (EMGC), which uniquely combines a collusion-resistant broadcast encryption system and a KP-ABE system with non-monotone access control. Using our scheme, a user can not only join/leave a group at will, but also change his access privilege on demand, while requiring a small number of re-keying operations. Therefore, our scheme, which can accommodate a dynamic group of users, is more applicable to multi-privileged group communications.
    IEEE/IFIP 8th International Conference on Embedded and Ubiquitous Computing, EUC 2010, Hong Kong, China, 11-13 December 2010; 01/2010 · 0.92 Impact Factor